<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gzseo/gzseo-2014-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sandbox/sandbox-161-arbitrary-file-upload</loc>
<lastmod>2013-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-19170-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-email-log-delivery-failure-notifications-and-best-mail-smtp-for-wordpress-286-authenticated-administrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartpay/wp-smartpay-2713-authenticated-subscriber-account-takeover</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-security/fluentauth-auth-security-plugin-203-authenticated-contributor-stored-cross-site-scripting-via-fluent_auth_reset_password-shortcode</loc>
<lastmod>2025-12-15T02:19:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-params/cookie-params-02-reflected-cross-site-scripting-and-cross-site-request-forgery</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/selling-commander-connector/selling-commander-for-woocommerce-1246-unauthenticated-privilege-escalation</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wprentals/wp-rentals-3161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-2112-contributor-sql-injection</loc>
<lastmod>2021-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activecampaign-subscription-forms/activecampaign-8114-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-responsive-news-tickers-sliders-and-lists-3131-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ppo-call-to-actions/ppo-call-to-actions-013-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpguppy-lite/one-to-one-user-chat-by-wpguppy-110-authorization-bypass</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-directory/employee-directory-staff-listing-amp-team-directory-plugin-for-wordpress-453-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-293-authenticatededitor-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-core/bbp-core-expand-bbpress-powered-forums-with-useful-features-125-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-11-01T19:19:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-436-unauthenticated-sensitive-information-exposure-via-c_status-and-return_type-parameters</loc>
<lastmod>2026-06-05T14:23:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-115-cross-site-scripting</loc>
<lastmod>2010-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-284-authenticated-subscriber-stored-cross-site-scripting-via-mwai_chatbot-shortcode-id-parameter</loc>
<lastmod>2025-07-07T12:13:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/echosign/echo-sign-12-reflected-cross-site-scripting</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-image-adder/fast-image-adder-12-arbitrary-file-upload</loc>
<lastmod>2017-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-vibes/form-vibes-1410-authenticated-subscriber-sql-injection-via-fv_export_data</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-211-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animate-it/animate-it-240-cross-site-scripting</loc>
<lastmod>2022-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-843-authenticated-stored-cross-site-scripting-via-form-name</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-ad-changer/cm-ad-changer-207-cross-site-request-forgery-to-campaign-deletion-via-campaign-management</loc>
<lastmod>2026-05-26T16:01:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attesa-extra/attesa-extra-142-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-891-authenticated-custom-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T21:30:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-affiliate-plugin-for-woocommerce-753-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kute-boutique/boutique-233-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-647-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-255-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-crm-lead/ni-crm-lead-130-reflected-cross-site-scripting</loc>
<lastmod>2025-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatewoo/automatewoo-575-cross-site-request-forgery</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-902-reflected-cross-site-scripting-via-meta_field_id-and-cite_id</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duitku-social-payment-gateway/duitku-payment-gateway-2116-missing-authorization-via-check_duitku_response</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/superio/superio-job-board-1232-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/andyblue/andyblue-theme-15-cross-site-scripting</loc>
<lastmod>2007-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/customify/customify-0411-cross-site-request-forgery</loc>
<lastmod>2025-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-online/applyonline-application-form-builder-and-manager-252-missing-authorization</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vimeo-video-autoplay-automute/vimeo-video-autoplay-automute-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pdf-restaurant-menu-upload/easy-restaurant-menu-manager-202-cross-site-request-forgery-to-menu-upload</loc>
<lastmod>2025-08-12T15:10:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/scientia/scientia-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/asia-garden/asia-garden-131-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greyd_suite/greydsuite-126-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slidedeck-lite-for-wordpress/slidedeck-1-lite-content-slider-148-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-243-cross-site-request-forgery-to-user-verification</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-music-player/all-in-one-music-player-131-authenticated-contributor-path-traversal-via-theme-parameter</loc>
<lastmod>2025-09-29T15:29:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pastebin-embed/pastebin-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/felan-framework/felan-framework-113-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-20541-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gcalendar/wp-google-calendar-manager-21-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-442-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-06T21:50:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riaxe-product-customizer/riaxe-product-customizer-212-unauthenticated-sql-injection-via-options-parameter-keys-in-product_data</loc>
<lastmod>2026-04-15T16:45:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-warfare/social-warfare-431-cross-site-request-forgery</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-2760-insecure-direct-object-reference-to-private-post-comment-exposure</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sepa-girocode/sepa-girocode-051-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsmiddle/adsmiddle-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-digital-signature/digital-signature-add-on-for-woocommerce-20-unauthenticated-information-exposure</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dejavu/dejavu-24-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteseo/siteseo-seo-simplified-132-improper-authorization-to-authenticated-settings-reset</loc>
<lastmod>2025-11-18T17:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-473-arbitrary-file-deletion</loc>
<lastmod>2017-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-dev-livesmart-video-chat/livesmart-video-chat-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-27T17:15:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creatorlms/creator-lms-online-courses-and-elearning-plugin-1118-authenticated-contributor-privilege-escalation</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmi-adultkid-calculator/bmi-adult-kid-calculator-122-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awsom-news-announcement/awsom-news-announcement-160-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cookiteer/cookiteer-148-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feeds-for-youtube/feeds-for-youtube-youtube-video-channel-and-gallery-plugin-264-missing-authorization</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-content-importer/json-content-importer-1315-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-youtube/dsgvo-youtube-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-details/visitor-details-101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trafficanalyzer/traffic-analyzer-342-cross-site-scripting</loc>
<lastmod>2013-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder-pro/profile-builder-pro-3100-authenticated-subscriber-time-based-one-time-password-sensitive-information-exposure</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fix-rss-feed/fix-rss-feeds-31-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-groups/uncanny-groups-for-learndash-6101-missing-authorization-to-authenticated-group-leader-user-group-add</loc>
<lastmod>2024-09-24T14:24:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-22111-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abandoned-contact-form-7/abandoned-contact-form-7-22-missing-authorization-to-unauthenticated-arbitrary-post-deletion-via-recover_id-parameter</loc>
<lastmod>2026-06-15T16:26:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-310-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-25-cross-site-request-forgery</loc>
<lastmod>2023-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-styler/design-for-contact-form-7-style-wordpress-plugin-cf7-wow-styler-164-missing-authorization-via-several-ajax-action</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1263-authenticated-subscriber-insecure-direct-object-reference-to-calendar-takeover</loc>
<lastmod>2026-04-23T16:30:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/termin-kalender/termin-kalender-09947-missing-authorization-to-authenticated-subscriber</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-106-cross-site-request-forgery-via-wpbe_update_page_field</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-playground/quick-playground-133-unauthenticated-path-traversal-to-arbitrary-file-read-via-stylesheet-parameter</loc>
<lastmod>2026-05-14T19:01:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wa-sticky-button/wp-sticky-button-14-missing-authorization-to-arbitrary-settings-update</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportezzy/supportezzy-ticket-system-plugin-125-cross-site-scripting</loc>
<lastmod>2014-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-1931-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokintroscroller/rokintroscroller-18-abuse-of-functionality</loc>
<lastmod>2013-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-323-missing-authorization</loc>
<lastmod>2024-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-363-authenticated-settings-modification-configuration-disclosure-and-user-data-export</loc>
<lastmod>2020-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videographywp/featured-video-for-wordpress-videographywp-1018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-security-aios-514-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netgsm/netgsm-28-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formassembly-web-forms/wp-formassembly-207-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brands-for-woocommerce/brands-for-woocommerce-3863-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkedin-lite/linkedin-lite-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-pricing-tables/product-pricing-table-by-woobewoo-110-cross-site-request-forgery-to-stored-xss-and-pricing-table-deletion</loc>
<lastmod>2026-04-14T23:28:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-facebook-connect/nextend-facebook-connect-3119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-scrollbar/custom-content-scrollbar-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-basics/wp-basics-20-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-data-table/posts-table-with-search-sort-1410-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kargo-entegrator/kargo-entegratr-1114-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideoptinprox/slideoptinprox-unspecified-version-cross-site-scripting</loc>
<lastmod>2015-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-online-courses-quizzes-learning-4192-authenticated-teacher-user-email-disclosure</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-shortcode/iframe-shortcode-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-filterable-portfolio/awesome-filterable-portfolio-19-blind-sql-injection</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tom-m8te/tom-m8te-153-directory-traversal</loc>
<lastmod>2014-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobcareer/jobcareer-job-board-responsive-wordpress-theme-24-user-enumeration</loc>
<lastmod>2018-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha/captcha-381-captcha-bypass</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zota/zota-1314-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lisfinity-core/lisfinity-core-lisfinity-core-plugin-used-for-pebas-lisfinity-wordpress-theme-140-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-10-08T15:16:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sales-page-addon/sales-page-addon-elementor-beaver-builder-145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-log/wp-mail-log-112-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gn-xml-sitemap/google-xml-news-sitemap-plugin-002-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-smtp/fluentsmtp-wp-smtp-plugin-with-amazon-ses-sendgrid-mailgun-postmark-google-and-any-smtp-provider-2282-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-blogger-to-wordpress-301-redirector/seo-blogger-to-wordpress-migration-using-301-redirection-048-reflected-cross-site-scripting</loc>
<lastmod>2025-01-22T22:54:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-and-post-restriction/page-restriction-wordpress-wp-protect-wp-pagespost-134-protection-mechanism-bypass</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-199148-cross-site-request-forgery</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jvm-rich-text-icons/jvm-rich-text-icons-126-directory-traversal-to-authenticatedsubscriber-arbitrary-file-deletion</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-247-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-1112-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerfy/careerfy-390-cross-site-scripting</loc>
<lastmod>2020-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-231-csv-injection</loc>
<lastmod>2020-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/madara/madara-responsive-and-modern-wordpress-theme-for-manga-sites-222-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/wpbot-ai-chatbot-for-live-support-lead-generation-ai-services-797-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sully/sully-430-cross-site-request-forgery-to-plugin-reset</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ie-css3-support/ie-css3-support-201-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-widgets-pack/cryptocurrency-widgets-pack-20-unauthenticated-sql-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension-410-insecure-direct-object-reference</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-lite/easy-contact-form-lite-1128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-169-authenticated-administrator-path-traversal-to-arbitrary-file-deletion-via-file-parameter</loc>
<lastmod>2026-02-17T21:55:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-ecommerce-tracking-for-google-and-facebook/woocommerce-enhanced-ecommerce-analytics-integration-with-conversion-tracking-371-cross-site-request-forgery</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neoforum/neoforum-10-reflected-cross-site-scripting</loc>
<lastmod>2026-01-10T14:48:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixel-gallery/pixel-gallery-addons-for-elementor-easy-grid-creative-gallery-drag-and-drop-grid-custom-grid-layout-portfolio-gallery-167-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-translator/global-translator-202-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-chatgpt-chatbot-1998-unauthenticated-arbitrary-file-upload-via-rest_upload</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sexbundle/sexbundle-14-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/jettabs-223-authenticated-contributor-arbitrary-local-file-inclusion</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joan/jock-on-air-now-561-reflected-cross-site-scripting</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-restaurant-menu-by-pricelisto/best-restaurant-menu-by-pricelisto-141-authenticated-contributor-sql-injection</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-view-gallery/grid-view-gallery-10-authenticated-editor-php-object-injection</loc>
<lastmod>2024-11-20T13:41:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vdz-call-back/vdz-callback-plugin-1146-cross-site-scripting</loc>
<lastmod>2021-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1233-race-condition-to-multiple-poll-voting</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-with-razorpay/sale-with-razorpay-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-online-users-stats/wp-online-users-stats-100-cross-site-request-forgery-to-stored-cross-site-scripting-via-hk_dataset_results-function</loc>
<lastmod>2025-06-05T17:51:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-542-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-412-authentication-bypass</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2444-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-07-17T19:38:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fwduvp/ultimate-video-player-101-missing-authorization</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-cross-site-request-forgery-via-remove_from_compare</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-capture/wordpress-email-marketing-plugin-wp-email-capture-310-missing-authorization-to-email-capture-list-download</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-213-insecure-direct-object-reference-to-authenticated-employee-privilege-escalation-via-externalid-parameter</loc>
<lastmod>2026-04-06T18:13:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wemanage-app-worker/management-app-for-woocommerce-order-notifications-order-management-lead-management-uptime-monitoring-122-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-3914-authenticated-contributor-stored-cross-site-scripting-via-youtube-block</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social/wp-social-login-and-register-social-counter-307-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2024-10-25T23:52:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-2516-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recaptcha/wp-recaptcha-2982-multiple-cross-site-request-forgery</loc>
<lastmod>2011-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/displayproduct/product-catalog-catalog-for-wordpress-104-unauthenticated-sql-injection</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publish-to-schedule/publish-to-schedule-442-cross-site-request-forgery-leading-to-plugin-option-changes</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-334-agent-stored-cross-site-scripting</loc>
<lastmod>2021-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beam-me-up-scotty/beam-me-up-scotty-back-to-top-button-1023-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-checker/sc-filechecker-06-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-557-cross-site-scripting</loc>
<lastmod>2015-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-booking-manager/designthemes-booking-manager-20-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3357-incorrect-authorization-to-authenticated-contributor-sensitive-information-exposure-via-elementor-template</loc>
<lastmod>2026-03-25T17:26:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-addons-for-visual-composer/mega-addons-for-wpbakery-page-builder-427-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-photos-media-sell-with-paypal-stripe-2817-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-team/team-members-344-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-google-analytics-extension/mainwp-google-analytics-extension-404-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega_main_menu/mega-main-menu-222-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ketchup-restaurant-reservations/ketchup-restaurant-reservations-100-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedstories/embedstories-074-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amr-ical-events-list/amr-ical-events-lists-66-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-payment-form/simple-payment-donations-420-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opensheetmusicdisplay/opensheetmusicdisplay-140-authenticated-contributor-stored-cross-site-scripting-via-classname-parameter</loc>
<lastmod>2025-05-29T21:20:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2155-authenticated-contributor-stored-cross-site-scripting-via-accordion-widget</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-3110-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagination/pagination-by-bestwebsoft-122-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/glossy-blog/glossy-blog-103-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-subscriptions/woocommerce-subscriptions-512-missing-authorization-to-insecure-direct-object-reference</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-addons-165-authenticated-contributor-stored-cross-site-scripting-via-accordion-repeater-block-attribute</loc>
<lastmod>2025-11-17T19:39:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-423-missing-authorization-cross-site-request-forgery</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/wp-rss-aggregator-news-feeds-autoblogging-youtube-video-feeds-and-more-463-authorization-bypass</loc>
<lastmod>2014-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yml-for-yandex-market/yml-for-yandex-market-472-reflected-cross-site-scripting</loc>
<lastmod>2024-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-field-editor/checkout-field-editor-premium-175-cross-site-request-forgery</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-load-for-videos/lazy-load-for-videos-2182-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recaptcha-integration/recaptcha-integration-for-wordpress-127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supra-csv-parser/supra-csv-403-stored-cross-site-scripting-via-cross-site-request-forgery</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solace-extra/solace-extra-131-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inspectlet-heatmaps-and-user-session-recording/inspectlet-user-session-recording-and-heatmaps-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tapfiliate/tapfiliate-3012-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-552-missing-authorization-to-arbitrary-group-option-modification-and-privilege-escalation</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zippy/zippy-170-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-google-calendar/pretty-google-calendar-172-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-power-bi/power-bi-embedded-for-wordpress-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attesa-extra/attesa-extra-147-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sitemap/wp-sitemap-10-authenticated-contributor-sql-injection</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/court-reservation/court-reservation-manage-your-court-bookings-online-11011-unauthenticated-sql-injection</loc>
<lastmod>2026-05-12T10:05:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-woocommerce-builder-edd-builder-elementor-store-builder-product-grid-product-table-woocommerce-slider-241-cross-site-request-forgery-to-limited-user-meta-update</loc>
<lastmod>2025-04-30T14:30:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-slider/block-slider-223-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-bookmarking/wp-social-bookmarking-36-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multisite-content-copier/multisite-content-copierupdater-140-reflected-cross-site-scripting</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-database/database-for-contact-form-7-306-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-importer/thegem-demo-import-for-wpbakery-5105-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-logic/widget-logic-5102-cross-site-request-forgery</loc>
<lastmod>2019-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-20993-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobify/jobify-job-board-wordpress-theme-430-cross-site-request-forgery</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform-pro/metform-pro-397-unauthenticated-payment-amount-manipulation-via-mf-calculation</loc>
<lastmod>2026-04-14T19:59:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2742-authenticatedcontributor-stored-cross-site-scripting-via-audio-widget</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-blocks/b-blocks-205-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/phlox/phlox-2177-authenticated-contributor-stored-cross-site-scripting-via-data-caption-html-attribute</loc>
<lastmod>2026-01-05T17:35:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/appointment-and-event-booking-calendar-for-wordpress-amelia-1047-information-disclosure-and-sms-spam</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spock/spock-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-api-user/json-api-user-393-unauthenticated-privilege-escalation</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-report-post/wp-report-post-212-reflected-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ui-slider-filter-by-price/ui-slider-filter-by-price-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/sirv-712-missing-authorization-via-sirv_disconnect</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/easy-drag-and-drop-all-import-wp-ultimate-csv-importer-381-cross-site-scripting</loc>
<lastmod>2015-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2042-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-404-error-page-to-homepage-or-custom-page/redirect-404-error-page-to-homepage-or-custom-page-with-logs-178-log-deletion-via-cross-site-request-forgery</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donorbox-donation-form/donorbox-free-recurring-donation-form-716-cross-site-scripting</loc>
<lastmod>2022-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepeople-post-map/google-maps-cp-1043-cross-site-request-forgery-via-feedback_action</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/court-reservation/court-reservation-11011-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wecantrack/affiliate-sales-in-google-analytics-and-other-tools-200-open-redirect</loc>
<lastmod>2025-05-20T20:30:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-13987-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colormag/colormag-316-authenticated-contributor-stored-cross-site-scripting-via-display-name</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coldfusion/coldfusion-responsive-fullscreen-video-image-audio-theme-12-arbitrary-file-upload</loc>
<lastmod>2013-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/ultimate-addons-for-elementor-formerly-elementor-header-footer-builder-246-missing-authorization-to-authenticated-subscriber-limited-settings-update</loc>
<lastmod>2025-08-01T20:50:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-travel/travel-management-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-06-14T09:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19952-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-functional-flexi-lightbox/multi-functional-flexi-lightbox-12-authenticated-admin-stored-cross-site-scripting-via-message-parameter</loc>
<lastmod>2026-03-20T15:13:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-click-to-tweet/better-click-to-tweet-5101-reflected-cross-site-scripting</loc>
<lastmod>2022-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1075-missing-authorization</loc>
<lastmod>2025-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editor-custom-color-palette/editor-custom-color-palette-348-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/member-access/member-access-116-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2025-01-06T16:05:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yotuwp-easy-youtube-embed/video-gallery-youtube-playlist-channel-gallery-by-yotuwp-1313-authenticated-contributor-arbitrary-file-inclusion-via-shortcode</loc>
<lastmod>2024-06-14T20:13:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-integration-freshworks-any-form/integration-for-freshsales-1015-unauthenticated-stored-cross-site-scripting-via-form-submission-data</loc>
<lastmod>2026-06-05T12:22:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-133-missing-authorization-via-save_settings</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fitness-park/fitness-park-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spirit-framework/spirit-framework-1214-authentication-bypass-to-account-takeover-and-privilege-escalation</loc>
<lastmod>2025-10-02T19:26:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/bp-better-messages-240-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-710-authenticated-subscriber-information-disclosure-via-shortcode</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendi/calendi-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-428-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-29281-authenticated-subscriber-stored-cross-site-scripting-via-form-title</loc>
<lastmod>2026-03-10T21:09:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-coming-soon/fat-cooming-soon-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-decaf/event-espresso-4-decaf-5028decaf-cross-site-request-forgery</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-for-campaign-monitor/campaign-monitor-for-wordpress-2812-reflected-cross-site-scripting</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5263-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-altcoin-payment-gateway/bitcoin-altcoin-payment-gateway-for-woocommerce-172-unauthenticated-sql-injection</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-282-cross-site-request-forgery</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-by-azexo/page-builder-by-azexo-127133-cross-site-request-forgery-to-post-creationmodificationdeletion</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-posts-webcam-recorder/video-posts-webcam-recorder-324-cross-site-scripting</loc>
<lastmod>2021-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexmls-idx/flexmls-idx-3157-unauthenticated-open-redirect</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12110-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2022-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/steam-group-viewer/steam-group-viewer-21-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-friendly-app-builder-by-easytouch/how-to-create-an-app-for-android-iphone-easytouch-30-missing-authorization</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patron-button-and-widgets-by-codebard/codebards-patron-button-and-widgets-for-patreon-219-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zalomeni/zalomen-15-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-js-impress/impress-014-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-527-authenticated-contributor-stored-cross-site-scripting-via-featured-image-custom-fields</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-execution-plugin/php-execution-100-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-143-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazing-service-box-visual-composer-addons/amazing-service-box-addons-for-wpbakery-page-builder-200-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-03-25T14:11:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/create-with-code/create-with-code-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-stripe-free/wp-full-stripe-free-7017-cross-site-request-forgery</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager/wp-job-manager-240-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-data-migrator/penci-soledad-data-migrator-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-05-16T13:59:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-restaurant-reservations/restaurant-reservations-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-217-missing-authorization-to-authenticated-subscriber-assistant-addition</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-page-builder-lite-562-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-651-missing-authorization-via-hide_free_sidebar</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-3030-html-injection</loc>
<lastmod>2017-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aeropage-sync-for-airtable/aeropage-sync-for-airtable-320-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.1/wordpress-core-511-cross-site-request-forgery-to-cross-site-scripting-via-comments</loc>
<lastmod>2019-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate-slug/qtranslate-slug-1116-reflected-cross-site-scripting</loc>
<lastmod>2015-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpguppy-lite/wpguppy-110-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-wordpress-351-unauthenticated-privilege-escalation-to-administrator</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-webrtc-hls-rtsp-rtmp-713-authenticated-admin-remote-code-execution</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2100-unauthenticated-stored-cross-site-scripting-via-hidden-product-field-in-repeater</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ns-maintenance-mode-for-wp/ns-maintenance-mode-for-wp-131-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careplus/careplus-health-medical-responsive-wordpress-theme-12-cross-site-scripting</loc>
<lastmod>2020-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-log/wp-mail-log-101-cross-site-request-forgery</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oneline-lite/oneline-lite-66-missing-authorization</loc>
<lastmod>2026-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-249-authenticatedadministrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kindeditor-for-wordpress/kindeditor-for-wordpress-14-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/datalogics/datalogics-ecommerce-delivery-datalogics-2662-unauthenticated-privilege-escalation</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-slider/image-slider-by-ays-responsive-slider-and-carousel-250-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-clear_uucss_logs</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatra-live-chat/chatra-live-chat-chatbot-cart-saver-1011-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-add-on/easy-paypal-stripe-buy-now-button-183-contact-form-7-paypal-stripe-add-on-21-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-3816-e-mail-address-disclosure</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/design-approval-system/design-approval-system-36-cross-site-scripting</loc>
<lastmod>2013-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extendons-registration-fields/woocommerce-registration-fields-plugin-custom-signup-fields-323-reflected-cross-site-scripting</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-play-button-for-wordpress/spotify-play-button-for-wordpress-211-authenticated-contributor-stored-cross-site-scripting-via-spotifyplaybutton-shortcode</loc>
<lastmod>2024-11-25T19:39:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prime-listing-manager/prime-listing-manager-11-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/wordpress-classifieds-plugin-ad-directory-listings-by-awp-classifieds-331-cross-site-scripting</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-2250-missing-authorization-to-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/labinator-content-types-duplicator/labinator-content-types-duplicator-113-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link/shortlinks-by-pretty-links-362-reflected-cross-site-scripting-via-post_status</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/empowerwp/empowerwp-1021-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/indeed-membership-pro-73-86-authentication-bypass</loc>
<lastmod>2020-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-users-data-csv/export-users-data-csv-21-authenticated-subscriber-csv-injection</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/intothedark/intothedark-105-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-coming-soon/ultimate-coming-soon-maintenance-109-missing-authorization-to-unauthenticated-template-activation</loc>
<lastmod>2024-12-05T19:35:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-56-631-reflected-cross-site-scripting-via-application-password-requests</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-chocolate/chocolate-wp-responsive-photography-theme-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-and-share/search-and-share-093-cross-site-scripting</loc>
<lastmod>2013-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-google-analytics-dashboard-for-wordpress-532-stored-cross-site-scripting</loc>
<lastmod>2015-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/legal-stone/legal-stone-1211-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-advanced-database/contact-form-advanced-database-108-missing-authorization</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-147-reflected-cross-site-scripting</loc>
<lastmod>2021-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formilla-chat-and-marketing/formilla-chat-and-marketing-automation-10-authenticated-administrator-cross-site-scripting-via-formillatoolsid</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-contact-forms/custom-contact-forms-plugin-5102-reflected-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rosalinda/rosalinda-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-bookings/woocommerce-bookings-203-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribers-text-counter/subscribers-text-counter-17-cross-site-request-forgery-to-settings-update-and-cross-site-scripting</loc>
<lastmod>2023-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcoder/shortcoder-63-missing-authorization</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-free-template-library-grid-carousel-table-parallax-animation-register-form-twitter-grid-532-authenticated-contributor-stored-cross-site-scripting-via-custom-gallery-widget</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-58-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xllentech-english-islamic-calendar/xllentech-english-islamic-calendar-267-sql-injection</loc>
<lastmod>2021-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-soononline-page/wpsoononlinepage-19-cross-site-request-forgery</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-store/music-store-wordpress-ecommerce-1113-authenticated-admin-sql-injection</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-605-authenticated-administrator-sql-injection</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-572-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2024-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-helpdesk-support-ticket-system/happy-109-missing-authorization</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onionbuzz-viral-quiz/viral-quiz-maker-onionbuzz-122-sql-injection</loc>
<lastmod>2019-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-bubble/chat-bubble-23-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3110-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaymail/yaymail-432-missing-authorization-to-authenticated-shop-manager-plugin-installation-and-activation</loc>
<lastmod>2026-02-17T18:55:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/accio/accio-responsive-onepage-parallax-agency-wordpress-theme-110-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wsanalytics-google-analytics-and-dashboards/wsanalytics-112-reflected-cross-site-scripting</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-30-unauthenticated-arbitrary-file-uploaddownload</loc>
<lastmod>2018-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-menu/responsive-menu-417-missing-authorization-checks</loc>
<lastmod>2022-03-16T11:48:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amoveo/amoveo-multipurpose-wordpress-theme-20-arbitrary-file-upload</loc>
<lastmod>2013-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cds-simple-seo/simple-seo-2031-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reina/reina-21-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinynav/tinynav-14-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-266-arbitrary-file-upload</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1254-unauthorized-settings-update</loc>
<lastmod>2022-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crowdfunding-for-woocommerce/crowdfunding-for-woocommerce-3114-authenticated-contributor-stored-cross-site-scripting-via-width-parameter</loc>
<lastmod>2025-07-17T16:28:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro-mediamanager/media-manager-for-userpro-3120-missing-authorization-to-unauthenticated-arbitrary-options-update</loc>
<lastmod>2025-01-30T00:49:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-338-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-orders-ei/woocommerce-orders-customers-exporter-54-missing-authorization</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-4310-unauthenticated-information-exposure</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-show-and-hide-box/flash-show-and-hide-box-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-334-cross-site-scripting</loc>
<lastmod>2013-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-publisher-desk-ads-txt/the-publisher-desk-adstxt-150-missing-authorization</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghostkit/ghost-kit-343-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-17T20:48:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0896-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-custom-social-share-by-codebard/fast-custom-social-share-by-codebard-112-cross-site-request-forgery</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockholm-core/stockholm-core-246-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-4410-open-redirect-and-reflected-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2711-authenticated-admin-remote-code-execution</loc>
<lastmod>2022-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html2wp/html2wp-100-arbitrary-file-upload</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-115-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-22047-unauthenticated-sensitive-information-exposure-via-log-file</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-740-missing-authorization</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-membership-plugin-content-restriction-member-levels-user-profile-user-signup-4026-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3221-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-530-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-512-insecure-direct-object-reference-to-unauthenticated-limited-user-deletion</loc>
<lastmod>2026-02-25T13:29:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-mollie/mollie-for-contact-form-7-500-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T12:00:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ratatouille/ratatouille-126-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child/mainwp-child-2027-multiple-cross-site-scripting</loc>
<lastmod>2015-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-tweets-widget-184-cross-site-request-forgery</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-104-cross-site-scripting</loc>
<lastmod>2017-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-gutenberg-based-page-builder-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T20:32:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-636-missing-authorization-to-unauthenticated-role-demotion</loc>
<lastmod>2026-01-15T15:56:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-export-for-woocommerce/import-export-for-woocommerce-162-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-11-03T16:00:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-lightbox-slider/gallery-lightbox-10039-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hurrytimer/hurrytimer-2112-authenticated-contributor-stored-cross-site-scripting-via-campaign-name</loc>
<lastmod>2025-02-13T21:00:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandconference/grand-conference-534-reflected-cross-site-scripting</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-42152-cross-site-request-forgery</loc>
<lastmod>2020-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelliwidget-elements/intelliwidget-elements-227-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-google-map-plugin-409-cross-site-request-forgery-to-php-object-injection</loc>
<lastmod>2019-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facethumb/wp-facethumb-02-cross-site-scripting</loc>
<lastmod>2012-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/wp-custom-admin-interface-732-cross-site-request-forgery-to-transients-deletion</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockonomics-bitcoin-payments/wordpress-bitcoin-payments-blockonomics-32-reflected-cross-site-scripting</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/kali-forms-211-cross-site-request-forgery</loc>
<lastmod>2020-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/you-shang/-you-shang-101-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.2/wordpress-core-223-wordpress-mu-125a-sql-injection</loc>
<lastmod>2007-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adirectory/adirectory-wordpress-directory-listing-plugin-165-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-289-email-verification-bypass-due-to-insufficient-randomness</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-booking-calendar-1560-authenticated-administrator-stored-cross-site-scripting-via-minmax-length-field-configuration</loc>
<lastmod>2026-01-27T17:18:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-3149-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thesis-openhook/openhook-431-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sala/sala-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tweet/simple-tweet-1402-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verowa-connect/verowa-connect-301-unauthenticated-sql-injection</loc>
<lastmod>2024-12-05T21:14:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kratz/kratz-1012-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-tweet/quote-tweet-07-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-online/applyonline-application-form-builder-and-manager-255-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentmx-content-publisher/contentmx-content-publisher-106-cross-site-request-forgery</loc>
<lastmod>2025-10-02T22:17:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-database-applications-by-caspio/custom-database-applications-by-caspio-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-referrer-spam/stop-referrer-spam-130-cross-site-request-forgery-via-processparameters</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pos/wcpos-point-of-sale-pos-plugin-for-woocommerce-1814-missing-authorization</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-widget/iframe-widget-41-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-cover-carousel/3d-cover-carousel-10-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T20:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-4295-arbitrary-file-readdeletion</loc>
<lastmod>2014-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pricing-tables/pricing-tables-wordpress-plugin-easy-pricing-tables-325-reflected-cross-site-scripting</loc>
<lastmod>2024-10-29T16:31:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gnucommerce/gnucommerce-057-beta-cross-site-scripting</loc>
<lastmod>2016-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-1716-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10253-cross-site-request-fogery-via-cp_shortcode_refresh</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auction-nudge/auction-nudge-your-ebay-on-your-site-720-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agreeme-checkboxes-for-woocommerce/agreeme-checkboxes-for-woocommerce-113-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-223-restriction-bypass</loc>
<lastmod>2007-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdpa-thailand/designil-pdpa-thailand-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/answer-my-question/answer-my-question-13-sql-injection</loc>
<lastmod>2016-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-1695-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-05T15:10:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mystique/mystique-257-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-663-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-23T19:02:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oracle-cards/oracle-cards-lite-121-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt-easy-builder-advanced-addons-for-elementor/rt-easy-builder-advanced-addons-for-elementor-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-23T14:07:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminify/wp-adminify-317-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b1-accounting/b1lt-for-woocommerce-2256-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-17T16:36:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-396-cross-site-request-forgery-to-order-title-update</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-176-sql-injection</loc>
<lastmod>2021-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-212-cross-site-scripting</loc>
<lastmod>2007-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3397-authenticated-subscriber-privilege-escalation-via-user-meta-update</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-639-cross-site-request-forgery</loc>
<lastmod>2022-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-hubspot/integration-for-contact-form-7-hubspot-128-open-redirect-via-state-parameter</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-csv-importer/easy-csv-importer-beta-700-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knews/knews-multilingual-newsletters-110-reflected-cross-site-scripting</loc>
<lastmod>2018-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-link-to-facebook/add-link-to-facebook-1215-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-253-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fooevents/fooevents-for-woocommerce-1204-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-132-remote-code-execution</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12315-authenticatedadministrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-mastodon-feed/include-mastodon-feed-199-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-gdpr-compliance/gdpr-ccpa-compliance-support-271-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-102-insecure-direct-object-reference-to-unauthenticated-privilege-escalation-via-email-update</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vidshop-for-woocommerce/vidshop-shoppable-videos-for-woocommerce-114-unauthenticated-time-based-sql-injection-via-fields</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3362-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-easy-calendar/event-easy-calendar-100-multiple-cross-site-request-forgery</loc>
<lastmod>2013-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaguemanager/leaguemanager-405-sql-injection</loc>
<lastmod>2015-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogchat-chat-system/blogchat-chat-system-1363-cross-site-request-forgery-to-stored-cross-site-scripting-via-settings-update</loc>
<lastmod>2026-05-19T12:06:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-categories-widget/wp-categories-widget-22-reflected-cross-site-scripting</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-uploader-for-woocommerce/file-uploader-for-woocommerce-104-unauthenticated-path-traversal</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2115-reflected-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-player-for-woocommerce/music-player-for-woocommerce-10172-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/meris/meris-112-reflected-cross-site-scripting</loc>
<lastmod>2024-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sucuri-scanner/sucuri-security-1833-cross-site-request-forgery</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpematico/wpematico-rss-feed-fetcher-2611-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-manage-fraud-orders/woo-manage-fraud-orders-261-unauthenticated-information-exposure-via-log-files</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-41514-authenticated-admin-stored-cross-site-scripting-via-product-files</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-analytics-injector/universal-analytics-injector-103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truelysell-core/truelysell-core-186-unauthenticated-arbitrary-user-password-change</loc>
<lastmod>2025-10-15T17:59:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acymailing/acymailing-an-ultimate-newsletter-plugin-and-marketing-automation-solution-for-wordpress-9110-reflected-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optin/wowoptin-1437-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emails-verification-for-woocommerce/customer-email-verification-for-woocommerce-294-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-02-14T20:00:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-showcase-ultimate/logo-showcase-ultimate-logo-carousel-logo-slider-logo-grid-138-authenticatedcontributor-php-object-injection</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autogen-headers-menu/autogen-headers-menu-101-authenticated-contributor-stored-cross-site-scripting-via-head_class-shortcode-parameter</loc>
<lastmod>2026-01-08T21:56:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-sensitive-data-disclosure</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-plus/grid-plus-133-authenticated-subscriber-local-file-inclusion-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-743-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-340-missing-authorization-via-submit</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-chocolate/chocolate-wp-responsive-photography-theme-all-versions-denial-of-service-and-abuse-of-functionality</loc>
<lastmod>2013-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-poll/responsive-poll-176-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2017-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloud/wp-cloud-143-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modify-comment-fields/comment-fields-103-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/play-ht/playht-364-missing-authorization</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-446-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-create-interactive-feedback-form-user-surveys-and-polls-in-seconds-1013-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-elementor/mega-addons-for-elementor-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-1337-unauthenticated-sql-injection</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360-sphere-images/360-photo-spheres-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-01T18:50:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/semalt/semalt-blocker-113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rrssb/rrssb-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-sticky-sidebar/wordpress-cta-158-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formlift/formlift-for-infusionsoft-web-forms-7521-missing-authorization-to-unauthenticated-infusionsoft-connection-hijack-via-oauth-connection-flow</loc>
<lastmod>2026-03-25T14:51:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-cross-site-request-forgery-to-subscriber-deletion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-450-directory-traversal</loc>
<lastmod>2016-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-293-unauthenticated-security-token-exposure-via-user-agent-header</loc>
<lastmod>2026-04-01T19:07:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-joomag/wp-joomag-252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donorbox-donation-form/donorbox-711-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdbspringclean/wpdbspringclean-16-reflected-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bot-for-telegram-on-woocommerce/bot-for-telegram-on-woocommerce-127-authenticated-subscriber-telegram-bot-token-disclosure-to-authentication-bypass</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oz-canonical/oz-canonical-05-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-150-cross-site-request-forgery</loc>
<lastmod>2021-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-manutencao/wordpress-manuteno-106-ip-spoofing-to-maintenance-mode-bypass</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bukazu-search-widget/bukazu-search-widget-332-authenticated-contributor-stored-cross-site-scripting-via-shortcode-shortcode-attribute</loc>
<lastmod>2025-12-11T14:31:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-136-authenticated-contributor-stored-cross-site-scripting-via-counter-block</loc>
<lastmod>2025-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-myparcel-belgium/wc-myparcel-belgium-455-beta-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-calendar-for-elementor/simple-calendar-for-elementor-164-cross-site-request-forgery</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-static/simply-static-313-unauthenticated-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-applicantstack-jobs-display/wp-applicantstack-jobs-display-111-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-08T15:06:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3270-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/storefront-footer-text/storefront-footer-text-101-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realtycandy-idx-broker-extended/realtycandy-idx-broker-extended-151-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-2321-missing-authorization-via-send_test_email</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-71117-sql-injection</loc>
<lastmod>2020-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uichemy/uichemy-400-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/car-rental-manager/car-rental-manager-109-missing-authorization</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xqueue-maileon/maileon-2160-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-easy-quiz-and-survey-maker-1034-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-attachments-shortcode/list-attachments-shortcode-041a-authenticated-author-stored-cross-site-scripting-via-list-attachments-shortcode</loc>
<lastmod>2025-12-05T17:35:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-portfolio-post/themify-portfolio-post-120-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/konte/konte-246-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-315-php-object-injection</loc>
<lastmod>2019-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elisqlreports/ez-sql-reports-shortcode-widget-and-db-backup-52511-authenticated-contributor-stored-cross-site-scripting-via-sqlreport-shortcode</loc>
<lastmod>2025-06-28T16:21:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/x-addons-elementor/x-addons-for-elementor-1023-missing-authorization</loc>
<lastmod>2026-01-14T06:04:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipe-card-blocks-by-wpzoom/recipe-card-blocks-lite-3413-authenticated-author-stored-cross-site-scripting-via-summary-and-notes</loc>
<lastmod>2026-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dominion-domain-checker-wpbakery-addon/dominion-domain-checker-for-wpbakery-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T19:03:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-548-cross-site-request-forgery-via-process_bulk_deactivate_product</loc>
<lastmod>2023-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genki-announcement/genki-announcement-141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trinity-audio/trinity-audio-5202-reflected-cross-site-scripting</loc>
<lastmod>2025-10-03T14:29:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debatemaster/debatemaster-100-authenticated-administrator-stored-cross-site-scripting-via-color-options-via-debate-shortcode</loc>
<lastmod>2025-12-11T14:29:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hummingbird-performance/hummingbird-391-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alo-easymail/alo-easymail-newsletter-2601-cross-site-request-forgery</loc>
<lastmod>2016-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-sentinel/wordpress-sentinel-100-cross-site-scripting</loc>
<lastmod>2011-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/api2cart-bridge-connector/api2cart-bridge-connector-110-arbitrary-code-execution</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hslide/hero-slider-wordpress-slider-plugin-135-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.9/wordpress-69-691-missing-authorization-to-authenticated-subscriber-arbitrary-note-creation-via-rest-api</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterslider/master-slider-pro-365-authenticated-editor-sql-injection</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusedesk/fusedesk-661-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T21:06:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portugal-ctt-tracking-woocommerce/portugal-ctt-tracking-for-woocommerce-21-reflected-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2415-authenticated-contributor-stored-cross-site-scripting-via-gallery-custom-url</loc>
<lastmod>2024-06-13T17:03:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebay-feeds-for-wordpress/wp-ebay-product-feeds-11-cross-site-scripting</loc>
<lastmod>2014-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3351-missing-authorization-to-authenticated-contributor-media-file-protection-removal</loc>
<lastmod>2026-04-09T12:00:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reamaze/reamaze-helpdesk-live-chat-125-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonial-rotator/easy-testimonial-slider-and-form-1015-unauthenticated-reflected-cross-site-scripting-via-search_term</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fediverse-embeds/fediverse-embeds-157-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-490-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-01-10T05:40:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-framework-1124-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/l-squared-hub-wp-virtual-device/l-squared-hub-wp-10-authenticated-contributor-sql-injection</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-responsive-photo-gallery-image-viewer-justified-masonry-carousel-2431-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popupally/popupally-210-cross-site-request-forgery-via-optin_submit_callback</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravityforms-1819-arbitrary-file-upload</loc>
<lastmod>2015-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kcaptcha/kcaptcha-101-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-04-21T19:07:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vgw-metis/vg-wort-metis-201-missing-authorization</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dricub-driving-school/dricub-29-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-867-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-core/royal-core-292-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-01-30T00:56:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alphabetic-pagination/alphabetic-pagination-321-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-suggest/site-suggest-139-missing-authorization</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trust-reviews/trust-reviews-plugin-for-google-tripadvisor-yelp-airbnb-and-other-platforms-10-cross-site-request-forgery</loc>
<lastmod>2025-09-26T18:34:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-3137-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tradedoubler-affiliate-tracker/grow-by-tradedoubler-2021-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-200-sql-injection</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/do-that-task/do-that-task-155-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popcashnet-code-integration-tool/popcashnet-code-integration-tool-18-missing-authorization</loc>
<lastmod>2026-01-11T08:26:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-51104-cross-site-request-forgery</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-1120-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gutenberg-products-block/woocommerce-blocks-55-authenticated-blind-sql-injection</loc>
<lastmod>2021-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-datepicker/contact-form-7-datepicker-260-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-order-statuses-for-woocommerce/custom-order-statuses-for-woocommerce-152-cross-site-request-forgery</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/setsail/setsail-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-widgets/astra-widgets-1215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo-premium/yoast-seo-premium-257-259-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crudlab-facebook-like-box/crudlab-like-box-209-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trackship-for-woocommerce/trackship-for-woocommerce-191-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemapper/imagemapper-126-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/honeypot/wp-armour-honeypot-anti-spam-2113-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-editor/theme-editor-271-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-3516-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dashboard-notes/wp-dashboard-notes-1010-insecure-direct-object-references-to-authenticated-private-note-deletion</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-331-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-11-20T18:41:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-171-missing-authorization</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dwell/dwell-170-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-githuber-md/wp-githuber-md-1162-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird-document-library/filebird-document-library-206-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-pop-up-banners/cm-popup-plugin-for-wordpress-popup-maker-165-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-store-elements/meta-store-elements-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipospays-gateways-wc/ipospays-gateways-wc-137-unauthenticated-missing-authorization-to-settings-update-via-rest-api-endpoint</loc>
<lastmod>2026-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-helpdesk-support-ticket-system/happy-helpdesk-support-ticket-system-106-missing-authorization</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess-file-editor/htaccess-file-editor-1018-missing-authorization</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dmsguestbook/dmsguestbook-180-directory-traversal</loc>
<lastmod>2008-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6598-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ksher-payment/ksher-112-missing-authorization</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-manager/booking-manager-2117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-facebook-popup-likebox/popup-like-box-page-plugin-352-cross-site-scripting</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-feed-to-post-autoblogging-news-youtube-video-feeds-aggregator-432-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/opor-ayam/opor-ayam-18-reflected-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aweos-wp-lock/aweos-wp-lock-148-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-380-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-412-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2235-reflected-cross-site-scripting</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blackhole-bad-bots/blackhole-for-bad-bots-38-unauthenticated-stored-cross-site-scripting-via-user-agent-http-header</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwp-client/infinitewp-client-137-php-object-injection</loc>
<lastmod>2014-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-comments-by-status/delete-comments-by-status-211-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-244-authenticated-contributor-stored-cross-site-scripting-via-post-carousel-widget</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiny-contact-form/tiny-contact-form-07-cross-site-request-forgery</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-388-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1064-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2023-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171017-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abbs-bing-search/bing-search-api-integration-033-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-to-top-builder/scroll-top-wordpress-scroll-to-top-133-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-819-stored-cross-site-scripting</loc>
<lastmod>2020-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sagepay-direct-for-woocommerce-payment-gateway/woocommerce-sagepay-direct-payment-gateway-0167-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-210-reflected-cross-site-scripting</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-prices/wholesale-suite-215-cross-site-request-forgery</loc>
<lastmod>2022-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-6314-stored-cross-site-scripting</loc>
<lastmod>2016-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-tool/debug-tool-22-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker/leaflet-maps-marker-3126-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7111-authenticatedcontributor-arbitrary-file-upload-via-ajax_import_options</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/event-manager-events-calendar-booking-registrations-and-tickets-eventin-4037-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-08-22T17:41:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-1251-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-privacy-for-elementor/extra-privacy-for-elementor-013-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xelion-webchat/xelion-webchat-910-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-view/link-view-080-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialdriver-framework/swift-framework-202400-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-facebook/spider-facebook-1015-reflected-cross-site-scripting</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-messages-for-wordpress/private-messages-for-wordpress-2110-stored-cross-site-scripting</loc>
<lastmod>2022-05-26T12:13:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-portfolio/visual-portfolio-photo-gallery-post-grid-2180-contributor-css-injection</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-6920-reflected-cross-site-scripting</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-143-cross-site-request-forgery</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-602-reflected-cross-site-scripting-via-poll_id-parameter</loc>
<lastmod>2019-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-comments/subscribe-to-comments-23-reflected-cross-site-scripting</loc>
<lastmod>2024-10-29T14:20:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-12-authenticated-sql-injection</loc>
<lastmod>2015-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-1142-reflected-cross-site-scripting</loc>
<lastmod>2019-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-grid-image-listing/agilautomatic-grid-image-listing-10-arbitrary-file-upload</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gamezone/gamezone-1111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beerxml-shortcode/beerxml-shortcode-071-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-304-unauthenticated-remote-file-inclusion</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nepali-post-date/nepali-post-date-511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/diveit/diveit-143-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-calendar-bookings-tickets-and-more-6473-authenticated-contributor-stored-cross-site-scripting-via-event-location-and-event_category-shortcodes</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-508-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-526-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-your-sites-with-xcloner-482-cross-site-request-forgery-in-xcloner_remote_storagesave</loc>
<lastmod>2025-12-04T13:31:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-next/the-next-110-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-ebay/wp-lister-lite-for-ebay-360-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-324-sensitive-data-exposure</loc>
<lastmod>2016-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medinik-core/medinik-core-136-unauthenticated-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bg-hide-email-address/hide-email-address-01-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:24:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-images/offload-ai-optimize-with-cloudflare-images-1102-authenticated-author-remote-code-execution-via-api-key-account-id-parameters-in-cf_images_do_setup-ajax-action</loc>
<lastmod>2026-06-17T16:18:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-211-authenticated-custom-role-sql-injection</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/black-widgets/black-widgets-for-elementor-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-product-price/amazon-product-price-11-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-4183-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-user-meta-update</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-404-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-customer/full-customer-223-authenticatedsubscriber-information-disclosure-via-health-check</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-survey-and-quiz-tool/wp-survey-and-quiz-tool-13-cross-site-scripting</loc>
<lastmod>2010-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-1626-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T15:59:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-slider-widget/image-slider-11125-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpt-bootstrap-carousel/cpt-bootstrap-carousel-112-reflected-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-and-registration-581-missing-authorization</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-customer-support-ticket-system-344-authenticated-subscriber-sql-injection-via-number-field-filter</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-wordpress-wave-audio-player-with-playlist-691-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-addons-for-wpbakery-page-builder/unlimited-addons-for-wpbakery-page-builder-1042-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-211-authenticated-contributor-stored-cross-site-scripting-via-ma_el_bh_table_btn_text</loc>
<lastmod>2026-02-19T23:25:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biteship/biteship-2227-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-polls-surveys-more-3011-reflected-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41022-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atec-duplicate-page-post/atec-duplicate-page-post-1220-missing-authorization-to-authenticated-contributor-arbitrary-post-duplication-and-data-exposure</loc>
<lastmod>2025-11-24T19:06:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1393-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uipress-lite/uipress-lite-effortless-custom-dashboards-admin-themes-and-pages-3509-missing-authorization</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-manager/broken-link-manager-060-cross-site-scripting</loc>
<lastmod>2015-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-floating-content-lite/advanced-floating-content-lite-125-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gmail-smtp/wp-gmail-smtp-107-sensitive-information-exposure</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snssimen/simen-46-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beacon-by/beacon-lead-magnets-and-lead-capture-157-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-protect-email-addresses-and-phone-numbers-247-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailer/wp-easy-post-mailer-064-reflected-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-font-awesome/advanced-custom-fields-font-awesome-field-502-authenticated-subscriber-stored-cross-site-scripting-via-json-field</loc>
<lastmod>2026-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-uploaded-file-permissions/change-uploaded-file-permissions-400-cross-site-request-forgery-to-options-update</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-player-with-playlist-ultimate/audio-player-with-playlist-ultimate-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envialosimple-email-marketing-y-newsletters-gratis/envalosimple-email-marketing-y-newsletters-245-authenticated-administrator-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-05-26T17:33:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-352-authenticatedcontributor-sql-injection-via-shortcode</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-booster/seo-booster-37-admin-sql-injection</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/source/source-all-versions-cross-site-scripting</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-315-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-05-21T11:12:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-embed/wp-google-map-183-arbitrary-post-deletion-and-plugin-settings-update-via-cross-site-request-forgery</loc>
<lastmod>2022-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-affiliation/lws-affiliation-226-unauthenticated-remotelocal-file-inclusion</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4011-missing-authorization-to-unauthenticated-data-export</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricer-ninja-pricing-tables/pricer-ninja-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3121-authenticatedadministrator-sql-injection-via-replace_urls</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-loadredirectsettings-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-774-missing-authorization-via-save_block_css</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-bulk-email/newsletter-bulk-email-sender-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2756-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-08-29T16:01:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/citizen-space/citizen-space-11-reflected-cross-site-scripting</loc>
<lastmod>2015-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-226-insecure-direct-object-reference-to-unauthenticated-company-logo-deletion</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-authenticated-contributor-stored-cross-site-scripting-via-tag</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-249-cross-site-request-forgery-via-_process_general</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-394-missing-authorization</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-662-authenticated-cross-site-scripting</loc>
<lastmod>2020-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishsuite/wishsuite-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rewp/rewp-101-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-03T21:12:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apartment-management/wpams-440-17-08-2023-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-wp/forms-for-mailchimp-by-optin-cat-254-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-restaurant-reservations/quick-restaurant-reservations-141-reflected-cross-site-scripting</loc>
<lastmod>2022-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-slider/simple-slider-11-reflected-cross-site-scripting</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-and-products-views/posts-and-products-views-for-woocommerce-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:49:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-business-intelligence-lite/wp-business-intelligence-lite-320-authenticated-subscriber-missing-authorization-to-privilege-escalation-via-arbitrary-sql-modification</loc>
<lastmod>2026-05-04T14:06:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1131-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easily-generate-rest-api-url/easily-generate-rest-api-url-100-stored-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-453-bypass-sanitize_file_name-protection</loc>
<lastmod>2016-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/our-team-enhanced/our-team-showcase-13-cross-site-scripting</loc>
<lastmod>2014-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-livesearch-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1328-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-booking-calendar/wp-simple-booking-calendar-2013-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-box/popup-box-easily-create-wordpress-popups-3212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-17T16:37:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-online-users-stats/wp-online-users-stats-100-authenticated-editor-sql-injection-via-table_name-parameter</loc>
<lastmod>2025-06-05T17:51:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayer/wp-prayer-165-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cliengo/cliengo-chatbot-302-missing-authorization-to-unauthenticated-chatbot-settings-update</loc>
<lastmod>2024-07-08T19:56:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translate-this-google-translate-web-element-shortcode/translate-this-google-translate-web-element-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-base_lang-parameter</loc>
<lastmod>2025-08-15T19:50:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/24liveblog/24liveblog-22-missing-authorization-to-authenticated-author-settings-modification-via-update_lb24_token-ajax-action</loc>
<lastmod>2026-06-23T16:39:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-resume-builder/my-resume-builder-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instantio/instantio-woocommerce-quick-checkout-instant-checkout-side-cart-popup-cart-125-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsi-hotel-pro/online-hotel-booking-system-pro-11-cross-site-scripting</loc>
<lastmod>2020-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-popup-for-contact-form-7/wpb-popup-for-contact-form-7-showing-the-contact-form-7-popup-on-button-click-cf7-popup-175-unauthenticated-arbitrary-shortcode-execution-via-wpb_pcf_fire_contact_form</loc>
<lastmod>2024-11-18T23:01:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-multi-currency/curcy-223-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-builder-ays/faq-builder-ays-182-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-list/contact-list-3018-authenticated-contributor-stored-cross-site-scripting-via-_cl_map_iframe-parameter</loc>
<lastmod>2026-03-20T10:58:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cozipress/cozipress-1032-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-552-unauthenticated-csv-injection</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onetone/onetone-306-onetone-companion-111-unauthenticated-settings-update</loc>
<lastmod>2020-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultra-portfolio/ultra-portfolio-67-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41033-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-450-stored-cross-site-scripting</loc>
<lastmod>2020-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tubepress/tubepress-165-cross-site-scripting</loc>
<lastmod>2008-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post-template/simple-content-templates-for-blog-posts-pages-2261-cross-site-request-forgery</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-smtp-pro/wp-mail-smtp-pro-380-missing-authorization-to-information-dislcosure-via-is_print_page</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1119-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squeeze/squeeze-16-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/core-web-vitals-pagespeed-booster/core-web-vitals-pagespeed-booster-1027-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/urna/urna-257-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-calendar-sync/vr-calendar-244-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2022-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realhomes/rh-real-estate-wordpress-theme-440-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-06-09T14:53:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-206-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-12-03T10:28:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-coupons/flexible-pdf-coupons-1102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-switch/maintenance-switch-162-reflected-cross-site-scripting</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-125-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-set-slideshows/flickr-set-slideshows-09-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-wordpress-posts-bulk-editor-and-manager-professional-1085-authenticated-editor-path-traversal</loc>
<lastmod>2024-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yml-for-yandex-market/yml-for-yandex-market-3107-reflected-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/standout-color-boxes-and-buttons/standout-color-boxes-and-buttons-070-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-243-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debranding/debranding-102-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-12-11T15:22:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vstemplate-creator/vstemplate-creator-202-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-usage/media-usage-004-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-098-authenticated-cross-site-scripting</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-and-salon-booking-system-pro-762-sensitive-data-disclosure</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-443-authorization-bypass</loc>
<lastmod>2021-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-sitemap-generator/xml-sitemaps-409-authenticated-cross-site-scripting</loc>
<lastmod>2018-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate-pro/shortcodes-ultimate-pro-720-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svgator/svgator-add-animated-svg-easily-126-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shorten-url/short-url-168-missing-authorization-via-multiple-ajax-functions</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tarteaucitronjs/tarteaucitronjs-cookies-legislation-gdpr-wordpress-plugin-16-cross-site-scripting</loc>
<lastmod>2021-12-17T14:06:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-bet/easy-bet-107-authenticatedcontributor-sql-injection</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-portal/client-portal-private-user-pages-and-login-121-missing-authorization</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-editor-bootstrap-blocks/block-editor-bootstrap-blocks-661-reflected-cross-site-scripting-via-tab</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-videos/video-gallery-youtube-gallery-214-authenticated-administrator-sql-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel-slider-for-elementor/post-carousel-slider-for-elementor-170-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagerank-tools/pagerank-tools-115-reflected-cross-site-scripting</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-cost-of-goods/ni-woocommerce-cost-of-goods-328-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jp-staticpagex/static-page-extended-21-cross-site-request-forgery</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-762-reflected-cross-site-scripting</loc>
<lastmod>2024-10-04T12:23:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wp-business-directory-plugin-and-classified-listings-directory-28152-unauthenticated-sql-injection</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-328-cross-site-request-forgery-leading-to-post-thumbnail-change</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blackhole-bad-bots/blackhole-for-bad-bots-331-arbitrary-ip-address-blocking-via-ip-spoofing</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/qt-kentharadio/kentharadio-220-reflected-cross-site-scripting</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-elementor-addons-14191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-226-missing-authorization-to-unauthenticated-arbitrary-email-sending</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/m1downloadlist/m1downloadlist-023-authenticated-contributor-sensitive-information-disclosure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms-by-mailmunch/constant-contact-forms-by-mailmunch-2011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-5711-reflected-cross-site-scripting-via-campaign_id</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3154-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-51010-reflected-cross-site-scripting-via-crsearch</loc>
<lastmod>2026-04-15T17:40:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swiss-toolkit-for-wp/swiss-toolkit-for-wp-107-authenticated-contributor-authentication-bypass</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cloudflare-page-cache/super-page-cache-for-cloudflare-475-cross-site-request-forgery</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-3d-tag-cloud/3d-tag-cloud-38-cross-site-request-forgery</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-381-authenticated-contributor-stored-cross-site-scripting-via-sa_verify-shortcode</loc>
<lastmod>2025-05-09T21:58:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/good-bad-comments/good-bad-comments-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/findall-membership/findall-membership-104-authentication-bypass-via-social-login</loc>
<lastmod>2025-11-26T16:16:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personal-favicon/personal-favicon-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-commander-client/cms-commander-manage-multiple-sites-plugin-221-php-object-injection</loc>
<lastmod>2016-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stackable-ultimate-gutenberg-blocks/stackable-3195-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-01-07T12:46:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dn-sitemap-control/dn-sitemap-control-106-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-243-reflected-cross-site-scripting</loc>
<lastmod>2014-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-education/wp-education-128-authenticated-contributor-stored-cross-site-scripting-via-text_html_tag</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-the-ultimate-woocommerce-multivendor-marketplace-solution-420-missing-authorization-to-limited-vendor-privilege-escalationaccount-takeover</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/issuupress/issuupress-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-59-cross-site-request-forgery</loc>
<lastmod>2022-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/custom-admin-interface-741-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-calendar-sync/vr-calendar-233-cross-site-request-forgery</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-push/web-push-140-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-power-stats/wp-power-stats-223-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-baner/scroll-baner-10-cross-site-request-forgery-to-remote-code-execution-andor-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scripts-n-styles/scripts-n-styles-353-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1081-authenticated-customer-insecure-direct-object-reference</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yds-support-ticket-system/yds-support-ticket-system-10-cross-site-request-forgery</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9200-authenticated-student-sql-injection-via-view-attendance</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogger-image-import/blogger-image-import-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-contact-chat-icons-telegram-chat-line-messenger-wechat-email-sms-call-button-whatsapp-chaty-335-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awa-plugins/awa-plugins-144-reflected-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_toolbar_save_settings_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peprodev-ups/peprodev-ultimate-profile-solutions-191-752-missing-authorization-to-limited-unauthenticated-arbitrary-user-meta-update-via-handel_ajax_req-function</loc>
<lastmod>2025-05-06T13:27:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-rate-shipping-pro/wowshipping-pro-106-injected-backdoor</loc>
<lastmod>2026-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxwpbookmark/cbx-bookmark-favorite-204-authenticated-subscriber-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-01-05T15:12:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crelly-slider/crelly-slider-146-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-maker/table-maker-191-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reconstruction/reconstruction-147-reflected-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/update-notifications/update-notifications-034-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seznam-webmaster/seznam-webmaster-147-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-license/comment-license-130-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zentrum/zentrum-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblizar-companion/is-theme-companion-157-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acymailing/acymailing-9110-1081-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-04-15T16:43:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-google-reviews/plugin-for-google-reviews-31-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dd-post-carousel/custom-post-carousels-with-owl-146-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-201910-missing-authorization-via-wpbs_refresh_calendar_editor</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-events-tickets/easy-paypal-events-122-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration-unlimited-extension/all-in-one-wp-migration-unlimited-extension-283-missing-authorization-to-authenticated-subscriber-arbitrary-backup-schedule-creation-and-backup-file-download</loc>
<lastmod>2026-05-05T14:37:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp/mainwp-dashboard-4241-cross-site-request-forgery</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-address-bar-color/browser-address-bar-color-33-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-street-view-shortcode/shortcode-for-google-street-view-057-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-20T19:32:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-mail-by-constant-contact/creative-mail-154-cross-site-request-forgery</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worker-wpbakery/worker-for-wpbakery-111-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-wp/accordion-26-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antihacker/anti-hacker-434-cross-site-request-forgery-via-antihacker_ajax_scan</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-333-cross-site-scripting</loc>
<lastmod>2019-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/woocommerce-products-vendor-2168-insecure-direct-object-reference-to-vendor-commission-percentage-update</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-406-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-99910-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/automatic-3920-unauthenticated-sql-injection</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1582-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-mixcloud/list-mixcloud-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-attachment/woocommerce-product-attachment-218-cross-site-request-forgery</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/forumengine/forumengine-18-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-support-ticket-system/support-ticket-system-121-sql-injection</loc>
<lastmod>2015-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callphoner/callphoner-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-cafe-addon-for-elementor/restaurant-cafe-addon-for-elementor-159-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2698-authenticated-contibutor-stored-cross-site-scripting-via-card-widget</loc>
<lastmod>2024-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-addons-for-elementor-132-authenticated-contributor-stored-cross-site-scripting-via-countdown-timer-widget</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-food/wp-food-ordering-and-restaurant-menu-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-delete-posts/duplicate-post-141-cross-site-request-forgery-via-cdp_action_handling-ajax-action</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0885-cross-site-scripting-via-wpfastestcachepage-options-wpfastestcachepreload_number-or-wpfastestcachelanguage-parameter</loc>
<lastmod>2018-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-import-export-lite/wp-import-export-lite-3927-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3233-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/razorpay-subscription-button-elementor/razorpay-subscription-button-elementor-plugin-103-reflected-cross-site-scripting-via-add_query_arg-and-remove_query_arg-functions</loc>
<lastmod>2025-03-04T19:18:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-frases/vr-frases-401-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codehaveli-bitly-url-shortener/bitly-url-shortener-141-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1339-cross-site-scripting</loc>
<lastmod>2016-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mx-time-zone-clocks/mx-time-zone-clocks-511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsidxpress/dsidxpress-211-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stratum/stratum-elementor-widgets-160-authenticated-contributor-stored-cross-site-scripting-via-advanced-google-maps-and-image-hotspot-widgets</loc>
<lastmod>2025-07-31T16:22:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tnc-toolbox/tnc-toolbox-web-performance-204-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-398-unauthenticated-sql-injection-via-eventer_get_attendees</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-6112-authenticatedcontributor-stored-cross-site-scripting-via-event-calendar-widget</loc>
<lastmod>2025-06-06T21:37:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/simple-shopping-cart-524-authenticated-contributor-stored-cross-site-scripting-via-wpsc_display_product-shortcode</loc>
<lastmod>2026-04-03T19:30:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cyr-cho/wp-cyr-cho-01-cross-site-request-forgery</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171006-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T19:52:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171001-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-425-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mavix-education/mavix-education-10-missing-authorization-to-authenticated-subscriber-creativ-demo-importer-plugin-activation</loc>
<lastmod>2025-12-12T15:29:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zij-kart/zij-kart-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-action-buttons/floating-action-buttons-091-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iubenda-cookie-law-solution/iubenda-332-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/appointment-booking-and-online-scheduling-442-reflected-cross-site-scripting</loc>
<lastmod>2024-06-20T20:02:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-thank-you-page-for-woocommerce-2230-authenticated-contributor-stored-cross-site-scripting-via-xlwcty_current_date-shortcode</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-woocommerce-infinite-scrol/woocommerce-infinite-scroll-and-ajax-pagination-18-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-05-28T16:45:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map/wp-google-map-plugin-10-authenticated-contributor-sql-injection</loc>
<lastmod>2025-10-14T19:47:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melhor-envio-cotacao/melhor-envio-21511-unauthenticated-sensitive-information-exposure-via-hardcoded-hash</loc>
<lastmod>2025-04-07T15:53:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-slider/product-slider-product-grid-product-masonry-11361-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-media/external-media-1033-authenticated-arbitrary-file-upload</loc>
<lastmod>2021-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/typebot/typebot-build-beautiful-conversational-forms-143-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-42-cross-site-request-forgery</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-rss/flickrrss-531-cross-site-scripting-via-flickrrss_set</loc>
<lastmod>2018-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-4751-missing-authorization-to-unauthenticated-data-export</loc>
<lastmod>2022-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-optin-box/noptin-342-missing-authorization-to-unauthenticated-form-submission</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lms-by-lifterlms-online-course-membership-learning-management-system-plugin-for-wordpress-4212-insecure-direct-object-reference</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveaway-boost/giveaway-boost-214-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2821-authenticatededitor-sql-injection</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-admin-stored-cross-site-scripting-in-post_oxi_settings-function</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-factory/shortcode-factory-11-reflected-cross-site-scripting</loc>
<lastmod>2015-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-single-page-checkout/woocommerce-single-page-checkout-127-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-opt-out/google-analytics-opt-out-234-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-094-cross-site-request-forgery</loc>
<lastmod>2014-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truenorth-srcset/srcset-responsive-images-for-wordpress-14-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onesignal-free-web-push-notifications/onesignal-web-push-notifications-1177-stored-cross-site-scripting</loc>
<lastmod>2019-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-211-cross-site-scripting</loc>
<lastmod>2007-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member-widgets-for-elementor/ultimate-member-widgets-for-elementor-23-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2025-11-19T16:28:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yayextra/yayextra-155-authenticated-administrator-sql-injection</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blaze-demo-importer/blaze-demo-importer-1012-missing-authorization-to-authenticated-subscriber-limited-plugin-install</loc>
<lastmod>2025-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-304-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popular-posts/wordpress-popular-posts-632-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sip-reviews-shortcode-woocommerce/sip-reviews-shortcode-for-woocommerce-123-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-playground/quick-playground-134-authenticated-administrator-arbitrary-file-read-via-filename-parameter</loc>
<lastmod>2026-06-05T14:22:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mautic-integration-for-woocommerce/mautic-integration-for-woocommerce-103-cross-site-request-forgery-leading-to-arbitrary-options-update</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-genius/comment-genius-125-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-03-20T15:18:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/avanix/imediapixel-themes-various-versions-cross-site-scripting</loc>
<lastmod>2012-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-window/modal-window-create-popup-modal-window-521-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2021-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-paytium_sw_save_api_keys</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-645-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vayu-blocks/vayu-blocks-139-authenticated-contributor-stored-cross-site-scripting-via-multiple-block-attributes</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/pdf-invoices-packing-slips-for-woocommerce-376-authenticated-shop-manager-sql-injection</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bloggie/bloggie-208-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cliptakes/cliptakes-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-22T21:32:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/woocommerce-product-vendors-2176-reflected-cross-site-scripting</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yampi-checkout/yampi-checkout-103-reflected-cross-site-scripting</loc>
<lastmod>2022-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-1-wordpress-booking-plugin-13-sql-injection</loc>
<lastmod>2014-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zingiri-web-shop/zingiri-web-shop-plugin-241-cross-site-scripting</loc>
<lastmod>2012-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-223-unauthenticated-parameter-manipulation</loc>
<lastmod>2018-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-453-cross-site-scripting-via-attachment-name</loc>
<lastmod>2016-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-facebook/spider-facebook-1015-cross-site-request-forgery</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-transition/page-transition-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brave-popup-builder/brave-popup-builder-065-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-shortcodes/paypal-shortcodes-03-authenticated-contributor-stored-cross-site-scripting-via-amount-and-name-shortcode-attributes</loc>
<lastmod>2026-03-20T15:07:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-322-missing-authorization-via-create_view</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wr-age-verification/wr-age-verification-100-reflected-cross-site-scripting</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anywhere-flash-embed/anywhere-flash-embed-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go-sphinx/gigaom-sphinx-01-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-registration/simple-user-registration-64-authenticated-contributor-privilege-escalation</loc>
<lastmod>2025-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-page-cat/landing-page-cat-178-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fable-extra/fable-extra-106-unauthenticated-sql-injection</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discord-invite/wp-discord-invite-241-reflected-cross-site-scripting-via-webhook</loc>
<lastmod>2023-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expand-maker/read-more-accordion-347-cross-site-request-forgery-to-local-file-inclusion</loc>
<lastmod>2025-04-04T13:09:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wordpress-40-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/augmented-reality/augmented-reality-plugin-120-arbitrary-file-upload</loc>
<lastmod>2020-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/visual-arts/visual-art-gallery-wordpress-theme-24-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-4274-cross-site-scripting</loc>
<lastmod>2014-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hobo/hobo-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-booking-system/course-booking-system-606-unauthenticated-sql-injection</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects/simple-301-redirects-200-203-authenticated-arbitrary-plugin-installation</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.8/wordpress-core-382-authentication-cookie-forgery</loc>
<lastmod>2014-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/co-authors-plus/co-authors-plus-35-351-sensitive-information-disclosure</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popups-lite/wp-popups-wordpress-popup-builder-215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-302-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/astra/astra-464-authenticated-editor-stored-cross-site-scripting-via-theme-headerfooter</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-term-editor/bulk-term-editor-114-cross-site-request-forgery</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dn-cookie-notice/simple-fixed-notice-16-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-login-control/wp-login-control-200-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-22915-authenticated-contributor-stored-cross-site-scripting-via-siteorigin_widget-shortcode</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-3105-reflected-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-366-authenticated-patient-insecure-direct-object-reference</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-related-products-refresh-on-reload/related-products-for-woocommerce-3315-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pwa-for-wp/pwa-for-wp-amp-1732-missing-authorization</loc>
<lastmod>2021-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/process-steps-template-designer/process-steps-template-designer-121-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twenty20/twenty20-image-before-after-159-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-cross-site-request-forgery-via-process_bulk_action</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-salesforce/integration-for-salesforce-and-contact-form-7-wpforms-elementor-formidable-ninja-forms-144-unauthenticated-full-path-disclosure</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quttera-web-malware-scanner/quttera-web-malware-scanner-34148-authenticated-administrator-directory-traversal-via-showfile</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-3234-authenticated-contributor-stored-cross-site-scripting-in-the-url-parameter-in-multiple-widgets</loc>
<lastmod>2024-09-10T23:03:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6711-authenticated-author-stored-cross-site-scripting-via-add-layer-class-id-and-title-attributes</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-calendar-bookings-tickets-and-more-7222-cross-site-request-forgery-to-location-deletion</loc>
<lastmod>2025-12-11T21:40:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitytime/sessions-time-monitoring-full-automatic-113-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-firebase-sms-otp-verification/miniorange-otp-verification-with-firebase-310-362-unauthenticated-privilege-escalation</loc>
<lastmod>2025-09-19T00:13:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-2059-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kia-subtitle/kia-subtitle-401-improper-neutralization-of-input-during-web-page-generation-cross-site-scripting</loc>
<lastmod>2026-05-21T14:37:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bns-featured-category/bns-featured-category-282-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T17:47:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-authenticated-contributor-arbitrary-content-deletion</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-4220-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-icons/popular-brand-icons-simple-icons-277-authenticated-cross-site-scripting</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp/mainwp-dashboard-the-private-wordpress-manager-for-multiple-website-maintenance-plugin-312-stored-cross-site-scripting</loc>
<lastmod>2016-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/don8/don8-04-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-links/social-links-1011-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dispatcher/wp-dispatcher-120-authenticated-contributor-sql-injection</loc>
<lastmod>2025-10-02T22:17:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-852-cross-site-request-forgery</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/qreatix/qreatix-194-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-fedex-freight-edition/ltl-freight-quotes-for-customers-of-fedex-freight-341-unauthenticated-sql-injection</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-410-sql-injection</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-701-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-testimonial/testimonials-free-26-pro-107-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-311-directory-traversal</loc>
<lastmod>2014-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beacon-by/beacon-lead-magnets-and-lead-capture-158-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-input-fields-for-woocommerce/product-input-fields-for-woocommerce-1120-unauthenticated-limited-file-upload</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-184-cross-site-request-forgery</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/injection-guard/injection-guard-121-missing-authorization-to-whitelist-update</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-serial-numbers/serial-numbers-for-woocommerce-license-manager-210-missing-authorization</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-donations/donations-made-easy-smart-donations-4012-authenticated-administrator-sql-injection</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/original-texts-yandex-webmaster/original-texts-yandex-webmaster-118-cross-site-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-157-authenticated-contributor-stored-cross-site-scripting-via-advanced-icons-widget</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-182-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-221-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-transliteration/google-transliteration-172-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibryl-switch-user/ibryl-switch-user-101-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart-pro/abandoned-cart-lite-for-woocommerce-520-and-abandoned-cart-pro-for-woocommerce-7130-stored-cross-site-scripting</loc>
<lastmod>2019-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-user-roles/premmerce-user-roles-1013-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-paypal/easy-paypal-buy-now-button-19-unauthenticated-open-redirect</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multifox-plus/multifox-plus-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dobsondev-shortcodes/dobsondev-shortcodes-2112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-photo-grid-video-gallery-21418-authenticated-author-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1378-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-489-and-492-missing-authorization-on-ajax-actions</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-child-pages-shortcode/list-child-pages-shortcode-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recentcomments/wp-recentcomments-207-sql-injection</loc>
<lastmod>2011-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/buddyboss-theme/buddyboss-theme-2461-cross-site-request-forgery</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-360-authenticated-contributor-stored-cross-site-scripting-via-ekit_btn_id</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newspaper-x/epsilon-framework-themes-various-versions-unauthenticated-plugin-activationdeactivation</loc>
<lastmod>2020-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-1613-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/privatecontent-free/privatecontent-free-120-authenticated-contributor-stored-cross-site-scripting-via-align-shortcode-attribute</loc>
<lastmod>2026-04-07T21:05:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shop-page-wp/shop-page-wp-127-authenticated-cross-site-scripting</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-manager/booking-manager-2028-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workreap/workreap-263-insecure-direct-object-reference</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-tidy-tags/xili-tidy-tags-11206-reflected-cross-site-scripting</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-301-cross-site-request-forgery</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/movie-booking/movie-booking-115-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/live-composer-free-wordpress-website-builder-202-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-visitor-ip-address/show-visitor-ip-address-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evergreen-content-poster/evergreen-content-poster-auto-post-and-schedule-your-best-content-to-social-media-144-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-306-remote-file-inclusion-to-code-execution</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-polls/wp-polls-273-cross-site-scripting</loc>
<lastmod>2016-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibe/web-accessibility-by-accessibe-211-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ko-fi-button/ko-fi-button-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-special-characters/ansi-regex-211-301-400-411-500-501-600-601-regular-expression-denial-of-service-redos</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-free/event-espresso-freelite-313712l-unauthenticated-sql-injection</loc>
<lastmod>2019-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobwp/jobwp-243-cross-site-request-forgery</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-poll/liquidpoll-advanced-polls-for-creators-and-brands-3368-missing-authorization-via-activate_addon</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwp-client/infinitewp-client-1111-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-mpg-340-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kopatheme/kopa-framework-135-cross-site-request-forgery</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-flash-video/simple-flash-video-17-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-gocardless/woocommerce-gocardless-gateway-256-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppm/wp-plugin-manager-wppm-164b-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tagembed-widget/tagembed-58-missing-authorization</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-938-reflected-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-249-authenticated-susbscriber-sql-injection</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3542-authenticated-subscriber-arbitrary-shortcode-execution-via-profile-names</loc>
<lastmod>2025-09-08T16:23:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chrono/wp-chrono-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-240-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mimo-woocommerce-order-tracking/mimo-woocommerce-order-tracking-102-missing-authorization-to-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T14:42:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-784-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finale-woocommerce-sales-countdown-timer-discount/finale-lite-2180-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-language-translator/google-language-translator-609-reflected-cross-site-scripting</loc>
<lastmod>2021-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-users/export-users-to-csv-14-csv-injection</loc>
<lastmod>2019-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-964-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facebook-messenger/live-chat-with-facebook-messenger-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magicform/magicform-wordpress-form-builder-162-missing-authorization</loc>
<lastmod>2025-01-31T18:12:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts/related-posts-181-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snazzy-maps/snazzy-maps-114-multiple-cross-site-scripting</loc>
<lastmod>2018-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sala/sala-startup-saas-wordpress-theme-114-unauthenticated-privilege-escalation-via-password-resetaccount-takeover</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-digital-content-delivery-with-drm-flickrocket/woocommerce-digital-content-delivery-incl-drm-flickrocket-475-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:27:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chartify-wordpress-chart-plugin-359-missing-authentication-for-administrative-function</loc>
<lastmod>2025-10-07T16:43:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reflex-gallery/reflex-gallery-143-cross-site-scripting</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zedity/zedity-the-layout-free-content-editor-251-reflected-cross-site-scripting</loc>
<lastmod>2014-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-3050-authenticatedsubscriber-php-object-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-views-query-and-display-post-page/content-views-362-authenticatedadministrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popups-lite/wp-popups-2147-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mailchimp-for-wordpress-4916-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-20T20:24:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-multi-step-form-calculation-contact-form-payment-contact-form-custom-contact-form-builder-2152-authenticated-administrator-improper-input-validation-via-iconupload-function-to-arbitrary-file-read</loc>
<lastmod>2024-10-10T19:11:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3532-authenticated-subscriber-missing-authorization-via-get_cc_ordersupdate_order_status-functions</loc>
<lastmod>2025-10-03T14:11:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prismatic/prismatic-373-unauthenticated-stored-cross-site-scripting-via-prismatic_encoded-pseudo-shortcode</loc>
<lastmod>2026-04-15T18:26:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integracao-rd-station/rd-station-532-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-04T21:25:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxgooglemap/cbx-map-for-google-map-openstreetmap-1111-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-572-authenticated-contributor-sql-injection-via-model_number-parameter</loc>
<lastmod>2024-08-19T11:55:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-145-authenticated-shop-manager-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-5914-authenticated-contributor-store-cross-site-scripting-via-widget-url-attribute</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-text-to-speech/ai-text-to-speech-303-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-272-missing-authorization-to-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-rets/simplyrets-real-estate-idx-2113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/petsland/pets-land-128-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-knowledgebase/wp-knowledgebase-134-cross-site-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-counter/simple-download-counter-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disqus-comment-system/disqus-comment-system-279-multiple-cross-site-request-forgery</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-easy-form-builder-for-wordpress-contact-forms-payment-forms-surveys-more-11004-missing-authorization</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popup-banners/wp-popup-banners-125-authenticated-subscriber-sql-injection-via-value</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2662-missing-authorization-to-post-status-change</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwl-advanced-faq-manager/bwl-advanced-faq-manager-203-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-22110-authenticated-administrator-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-prism-syntax-highlighter/easy-prism-syntax-highlighter-102-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:26:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-pro-419-the-plus-addons-for-elementor-206-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-ithemes-security-extension/mainwp-ithemes-security-extension-411-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/task-manager-pro/task-manager-pro-131-blind-sql-injection</loc>
<lastmod>2017-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goqmieruca/goqmieruca-100-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-easy/easy-google-maps-11118-authenticated-author-xml-entity-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5923-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug/debug-110-cross-site-request-forgery</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-3313-cross-site-scripting</loc>
<lastmod>2018-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigmart-elements/bigmart-elements-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-pricing-table/pricing-table-201-missing-authorization</loc>
<lastmod>2024-07-08T20:06:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-info-page/wp-139-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.9/wordpress-691-authenticated-author-xml-external-entity-injection-via-getid3-library-media-upload</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-bannerRotator/allinone-banner-rotator-38-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pawfriends/pawfriends-pet-shop-and-veterinary-wordpress-13-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coleo/coleo-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-localization/quick-localization-010-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rife-free/rife-free-2418-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-246-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-collapse-o-matic/collapse-o-matic-1855-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-491-stored-cross-site-scripting-via-language</loc>
<lastmod>2017-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iphone-webclip-manager/iphone-webclip-manager-05-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-forms/cubewp-forms-all-in-one-form-builder-111-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-234-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-file-renaming</loc>
<lastmod>2025-11-24T19:15:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-attachments/zip-attachments-16-missing-authorization-to-limited-file-deletion</loc>
<lastmod>2025-10-14T19:35:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-dialog/modal-dialog-3516-authenticated-admin-remote-code-execution</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms/caldera-forms-1591-cross-site-scripting</loc>
<lastmod>2018-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eshop/eshop-6314-multiple-sql-injections</loc>
<lastmod>2016-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-subscribe/quick-subscribe-171-cross-site-request-forgery-to-arbitrary-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/winterlock/activity-log-for-wordpress-127-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pearsonspecter/pearson-specter-1113-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/motors/motors-5682-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mass-messaging-in-buddypress/mass-messaging-in-buddypress-221-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/insurance/insurance-35-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ad-guru/wp-ad-guru-banner-ad-responsive-popup-popup-maker-ad-rotator-more-254-reflected-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-pilot/content-pilot-217-missing-authorization</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alt-manager/alt-manager-161-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-218-stored-cross-site-scripting</loc>
<lastmod>2019-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-manager/job-board-manager-2160-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donate-me/donate-me-125-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blueprint/blueprint-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/datasets-manager-by-arttia-creative/datasets-manager-by-arttia-creative-15-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-booking/hotel-booking-37-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/stockholm/stockholm-96-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2854-authenticated-contributor-sql-injection-via-get_maps</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpop-elementor-addons/wpoperation-elementor-addons-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-b2b-for-woocommerce/all-in-one-b2b-for-woocommerce-103-unauthenticated-privilege-escalation</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-payment-button-by-vcita/online-payments-get-paid-with-paypal-square-stripe-3200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/persuasion/persuasion-24-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/passwordless-login/passwordless-login-112-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplemodal/simple-modal-033-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-login/quick-social-login-146-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T19:35:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-with-hubspot-forms/integration-with-hubspot-forms-122-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:09:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/af-tell-a-friend/af-tell-a-friend-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-multihotel/js-multi-hotel-221-reflected-cross-site-scripting</loc>
<lastmod>2014-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/storecontrl-wp-connection/storecontrl-woocommerce-413-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexmls-idx/flexmls-idx-plugin-31422-reflected-cross-site-scripting</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-change/bulk-change-of-posts-terms-and-post-types-10-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-255-authenticated-contributor-stored-cross-site-scripting-via-video-player-widget-settings</loc>
<lastmod>2024-06-25T13:45:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-rsvp/rsvp-events-294-reflected-cross-site-scripting</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stackable-ultimate-gutenberg-blocks/stackable-3181-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/project-status/project-status-16-reflected-cross-site-scripting</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-code-highlightjs/wp-code-highlightjs-063-cross-site-scripting</loc>
<lastmod>2019-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/gutenberg-essential-blocks-page-builder-for-gutenberg-blocks-patterns-571-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-pdf-using-contact-form-7/generate-pdf-using-contact-form-7-412-cross-site-request-forgery</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveforms/live-forms-484-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2110-authenticated-subscriber-profile-privacy-setting-bypass</loc>
<lastmod>2025-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailgun-smtp/wp-mailgun-smtp-107-missing-authorization</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-readme-parser/plugin-readme-parser-1315-authenticated-contributor-stored-cross-site-scripting-via-target-parameter</loc>
<lastmod>2025-08-14T20:11:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-301-and-302-redirect/advanced-301-and-302-redirect-169-unauthenticated-sql-injection</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alliance/alliance-311-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/stockholm/stockholm-9141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reciply/reciply-plugin-118-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-masta/mail-masta-10-sql-injection-via-camp_id-parameter</loc>
<lastmod>2017-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-244-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-834-authenticated-subscriber-arbitrary-file-readdeletion-via-ajax_attach_file</loc>
<lastmod>2026-04-17T04:24:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videos-on-admin-dashboard/videos-on-admin-dashboard-114-cross-site-scripting</loc>
<lastmod>2020-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-259-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/all-in-one-google-analytics-pixels-and-product-feed-manager-for-woocommerce-523-cross-site-request-forgery</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-presenter/simple-presenter-151-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-downloads/z-downloads-1117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/board-election/board-election-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elite-notification/elite-notification-sales-popup-social-proof-fomo-woocommerce-15-missing-authorization</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-1065-unauthenticated-stored-cross-site-scripting-via-email</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/invento/invento-architecture-building-agency-template-2015-05-15-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-variation-gallery/variation-images-gallery-for-woocommerce-233-reflected-cross-site-scripting-via-style</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-autokeyword/wp-autokeyword-10-missing-authorization-to-arbitrary-content-deletion</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-plugin-1229-reflected-cross-site-scripting</loc>
<lastmod>2022-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1093-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fitness-calculators/fitness-calculators-plugin-208-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-content-construction-kit/simple-custom-post-type-custom-field-103-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-5515-authenticated-administrator-stored-cross-site-scripting-via-menu_title-and-menu_magnifier_color-settings</loc>
<lastmod>2026-06-26T12:57:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taboola/taboola-201-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booktics/booktics-1016-missing-authorization-to-addon-plugin-installation</loc>
<lastmod>2026-03-09T13:22:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/patiotime/patiotime-21-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editor-wysiwyg-background-color/editor-wysiwyg-background-color-10-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-for-wp/google-adsense-banner-ads-by-adsforwp-1928-cross-site-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalinks-migration-plugin-for-wordpress/deans-permalinks-migration-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2008-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-contact-us/wp-quick-contact-us-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-02-13T18:28:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-logging-service/wordpress-logging-service-154-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-photo-feed-widget/widgets-for-social-photo-feed-18-missing-authentication-to-unauthenticated-plugin-settings-accessupdate-via-trustindex_feed_hook_instagram-rest-api-endpoints</loc>
<lastmod>2026-05-01T15:55:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-542-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consulting-elementor-widgets/consulting-elementor-widgets-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suretriggers/suretriggers-connect-all-your-plugins-apps-tools-automate-everything-1046-authenticated-contributor-stored-cross-site-scripting-via-trigger-link-shortcode</loc>
<lastmod>2024-06-03T18:02:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-category-slider-grid/category-slider-for-woocommerce-1415-missing-authorization-via-notice-dismissal-functionality</loc>
<lastmod>2023-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/frappe/frapp-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/indeed-membership-pro-73-86-missing-authorization-checks</loc>
<lastmod>2020-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-771-csv-injection</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wellspring/wellspring-28-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-541-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-manager-light/widget-manager-light-118-missing-authorization</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-order-statuses-woocommerce/custom-order-status-for-woocommerce-230-cross-site-request-forgery</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bfres/bfres-121-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus/wpglobus-multilingual-everything-196-cross-site-scripting-via-wpglobus_optionenabled_languages</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/semantic-shortcode/semantic-shortcode-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6583-unauthenticated-sql-injection-via-ays_questions-parameter</loc>
<lastmod>2024-06-24T20:09:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-rocket-extension/mainwp-rocket-extension-403-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lawyer-landing-page/lawyer-landing-page-124-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lawyer-directory/lawyer-directory-134-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-stripe/woocommerce-stripe-payment-gateway-1070-missing-authorization-to-unauthenticated-order-status-manipulation-via-order-parameter</loc>
<lastmod>2026-06-15T21:08:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dentalux/dentalux-dentist-healthcare-site-template-33-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-14132-cross-site-scripting</loc>
<lastmod>2017-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crontrol/wp-crontrol-1170-1191-authenticated-administrator-blind-server-side-request-forgery</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-embed-code/code-embed-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-prayer-time-for-mosques/daily-prayer-time-20220301-unauthenticated-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seedprod-coming-soon-pro-5/seedprod-pro-6195-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/felan-framework/felan-framework-114-hardcoded-credentials</loc>
<lastmod>2025-10-15T18:07:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/renden/renden-181-authenticated-contributor-stored-cross-site-scripting-via-post-title</loc>
<lastmod>2026-02-18T15:22:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eg-series/eg-series-211-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-05-14T14:24:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-profile/wp-frontend-profile-121-cross-site-request-forgery</loc>
<lastmod>2020-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/farazsms/-273-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-creator/coupon-creator-31-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-8005-stored-cross-site-scripting</loc>
<lastmod>2018-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1215-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-address-encoder/email-address-encoder-1022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/windsor/windsor-250-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-585-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-portfolio/visual-portfolio-photo-gallery-post-grid-332-authenticated-author-stored-cross-site-scripting-via-title_tag-parameter</loc>
<lastmod>2024-05-14T11:31:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/metro-magazine/metro-magazine-141-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lmsace-connect/lmsace-connect-34-missing-authorization</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kuteshop/kuteshop-429-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spin360/spin-360-deg-and-3d-model-viewer-127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-133-authenticated-contributor-stored-cross-site-scripting-via-url-attribute</loc>
<lastmod>2024-07-16T18:46:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marquee-addons-for-elementor/marqueeaddons-243-authenticated-contributor-stored-cross-site-scripting-via-testimonial-marquee-widget</loc>
<lastmod>2025-12-12T19:49:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-351-stored-cross-site-scripting</loc>
<lastmod>2013-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comparison-slider/comparison-slider-105-missing-authorization</loc>
<lastmod>2024-05-29T19:51:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-buttons-by-supsystic/social-share-buttons-by-supsystic-223-missing-authorization</loc>
<lastmod>2022-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-food-menu/food-menu-restaurant-menu-online-ordering-for-woocommerce-514-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-472-cross-site-scripting</loc>
<lastmod>2017-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accounting-for-woocommerce/accounting-for-woocommerce-168-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/angel/angel-fashion-model-agency-wordpress-cms-theme-323-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-11-12T20:19:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facebook-reviews/wp-review-slider-121-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-combo-36-gutenberg-blocks-2264-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2023-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-s3/wordpress-amazon-s3-plugin-15-reflected-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-34134-cross-site-request-forgery-leading-to-plugin-backup-disclosure</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/contact-forms-by-cimatti-160-cross-site-request-forgery-via-accua_forms_list_page_table</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sogrid/sogrid-152-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-https-remover/inisev-plugins-various-versions-cross-site-request-forgery-on-handle_installation-function</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-8715-authenticated-admin-sql-injection</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viet-affiliate-link/viet-affiliate-link-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/filmix/filmix-11-reflected-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-6159-missing-authorization-to-authenticated-subscriber-draft-event-titleqr-code-exposure</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipushpull/live-updates-from-excel-232-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-357-authenticated-contributor-sensitive-information-exposure-via-sina-modal-box-widget-elementor-template</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sparkpost/sparkpost-327-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jupiter/jupiter-theme-6101-authenticated-arbitrary-plugin-deletion</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-510-unauthenticated-password-protected-post-disclosure</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fg-joomla-to-wordpress/fg-joomla-to-wordpress-4202-sensitive-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-324-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skip-to/skip-to-200-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-drag-drop-wordpress-form-builder-to-create-style-and-embed-multiple-forms-of-any-complexity-252-cross-site-request-forgery-to-survey-renaming</loc>
<lastmod>2026-01-23T20:33:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post-and-page/duplicate-page-and-post-10-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugins-dashboard/download-plugins-and-themes-from-dashboard-150-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/hubbub-lite-1310-unauthenticated-information-exposure</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opti-marketing/opti-marketing-209-unauthenticated-sql-injection</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcp-openweather/wcp-openweather-250-reflected-cross-site-scripting-via-tab</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-by-motopress-241-unauthorised-event-timeslot-update</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-addons-for-elementor-best-elementor-addons-with-ready-templates-blocks-widgets-and-woocommerce-builder-5112-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-a-meeting-scheduler-by-vcita/contact-form-builder-by-vcita-4104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-233-authenticated-arbitrary-post-deletion</loc>
<lastmod>2021-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speedycache/speedycache-112-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/localize-remote-images/localize-remote-images-109-cross-site-request-forgery-via-admin-menu</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactions/interactions-create-interactive-experiences-in-the-block-editor-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-27T17:57:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speakout/speakout-email-petitions-214151-unauthenticated-sql-injection</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/labtools/labtools-10-missing-authorization</loc>
<lastmod>2021-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-646-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-subscribe-sm/mailchimp-subscribe-forms-4093-open-redirect</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theasys/theasys-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-424-cross-site-scripting-via-widget-title</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protected/password-protected-266-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-2712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-2441-2726-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iamport-payment/-1119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-vibes/form-vibes-database-manager-for-forms-1412-missing-authorization-in-multiple-functions</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-3012-unauthenticated-sql-injection-via-login-attempts-module</loc>
<lastmod>2025-01-17T19:59:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notification-for-telegram/notification-for-telegram-331-missing-authorization-to-authenticated-subscriber-send-telegram-test-message</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-piwik/wp-matomo-integration-wp-piwik-1026-cross-site-request-forgery</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/implied-cookie-consent/implied-cookie-consent-13-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-122-missing-authorization-to-plugin-installation-settings-changedelete-demo-import-directory-kit-deletion-via-wdk_public_action</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-product-addons-custom-fields-for-woocommerce-33018-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aspose-cloud-ebook-generator/aspose-cloud-ebook-generator-10-directory-traversal</loc>
<lastmod>2015-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-replace/easy-media-replace-013-authenticated-author-arbitrary-file-deletion</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4263-authenticatedlp-instructor-stored-cross-site-scripting</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-recipe/penci-recipe-40-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-203-authenticatedcontributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-499-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-213-reflected-cross-site-scripting-via-extension</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-109-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-20251121-unauthenticated-information-exposure</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-326-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-376-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2930-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11318-unauthenticated-time-based-sql-injection-via-object_ids-parameter</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/drag-and-drop-multiple-file-upload-for-woocommerce-110-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iq-block-country/iq-block-country-1218-country-blocking-bypass</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agp-font-awesome-collection/agp-font-awesome-collection-324-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-posts-to-blog/twitter-posts-to-blog-11125-missing-authorization-to-unauthenticated-plugin-settings-update</loc>
<lastmod>2026-02-10T20:03:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mlm/wp-mlm-unilevel-40-unauthenticated-privilege-escalation</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextcart-woocommerce-migration/next-cart-store-to-woocommerce-migration-392-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-wordpress-file-upload-pro-4191-authenticated-administrator-path-traversal</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-announcements/wp-announcements-18-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audiocase/audiocase-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-rates/exchange-rates-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ablocks/ablocks-wordpress-gutenberg-blocks-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooemailreport/woocommerce-email-report-24-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-wp-events/simple-wp-events-1817-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-04-07T15:52:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/case-theme-user/case-theme-user-104-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-conference/the-conference-120-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-2014-remote-code-execution</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-107-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtouch-quiz/mtouch-quiz-307-cross-site-scripting</loc>
<lastmod>2014-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formforall/contact-form-form-for-all-12-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtmetrix-for-wordpress/gtmetrix-for-wordpress-046-reflected-cross-site-scripting-via-report_id-and-event_id</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realteo/realteo-real-estate-plugin-by-purethemes-128-authentication-bypass-via-do_register_user</loc>
<lastmod>2025-03-13T22:09:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookalet/bookalet-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-2310-authenticated-contributor-stored-cross-site-scripting-via-row-label-parameter</loc>
<lastmod>2025-01-13T21:46:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta/user-meta-242-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primer-mydata/primer-mydata-for-woocommerce-428-unauthenticated-path-traversal</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-ai-powered-classified-ads-business-directory-plugin-534-authenticated-subscriber-sensitive-data-exposure</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-skype/wow-skype-buttons-403-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mags/mags-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-965-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/showeblogin-facebook-page-like-box/showeblogin-social-70-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-215-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mass-delete-unused-tags/mass-delete-unused-tags-200-cross-site-request-forgery-via-plugin_mass_delete_unused_tags_init</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-svg/wp-svg-09-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/membership-plugin-restrict-content-3220-unauthenticated-privilege-escalation-via-rcp_level</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadin/hubspot-crm-email-marketing-live-chat-forms-analytics-11122-authenticated-contributor-stored-cross-site-scripting-via-hubspot-meeting-widget</loc>
<lastmod>2024-08-29T15:39:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-pages-shortcode/list-pages-shortcode-175-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sql-chart-builder/sql-chart-builder-2372-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upsell-order-bump-offer-for-woocommerce/upsell-order-bump-offer-for-woocommerce-307-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lucky-wheel/lucky-wheel-giveaway-1022-authenticated-administrator-remote-code-execution-via-conditional_tags-parameter</loc>
<lastmod>2026-02-10T11:56:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoshare-for-twitter/autoshare-for-twitter-231-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-offline/site-offline-149-maintenance-mode-bypass</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements-pro/admin-and-site-enhancements-ase-pro-7611-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-of-service-and-privacy-policy/terms-of-service-privacy-policy-generator-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-wpadmin/custom-links-on-admin-dashboard-toolbar-33-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-bootstrap-cards/cards-for-beaver-builder-112-authenticatedcontributor-stored-cross-site-scripting-via-bootstrapcard-link</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-framework-1123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-1339-cross-site-request-forgery-via-add_language</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-222-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pie-maintenance-mode/ezp-maintenance-mode-101-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-126-missing-authorization-to-recaptcha-key-modification</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/wpbakery-page-builder-addons-by-livemesh-394-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:34:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-producttables-pro/wbw-product-table-pro-194-unauthenticated-arbitrary-sql-execution</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubepoints/cubepoints-321-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/winning-portfolio/winning-portfolio-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-buttons-by-supsystic/social-share-buttons-by-supsystic-223-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thisway/thisway-170-arbitrary-file-upload</loc>
<lastmod>2013-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamcast/streamcast-223-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bertha-ai-free/bertha-ai-11211-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediavine-control-panel/mediavine-control-panel-2102-cross-site-request-forgery-via-render_settings_page</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms-plugin/cforms-light-speed-fast-form-builder-300-cross-site-request-forgery</loc>
<lastmod>2025-09-26T18:34:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-basic-contact-form/simple-basic-contact-form-20240511-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-management/user-management-12-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-slider/b-slider-gutenberg-slider-block-for-wp-200-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-08-14T14:02:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/christmasify/christmasify-155-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-denial-of-service</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-wordpress-table-plugin-2012-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-08-14T19:13:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2html/wp2html-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-12T13:08:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-320-reflected-cross-site-scripting</loc>
<lastmod>2020-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kkprogressbar/kkprogressbar2-free-1142-authenticated-admin-sql-injection</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/afterpay-gateway-for-woocommerce/afterpay-gateway-for-woocommerce-350-reflected-cross-site-scripting</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/encrypted-contact-form/encrypted-contact-form-11-cross-site-scripting</loc>
<lastmod>2015-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-discount-rules/discount-rules-for-woocommerce-220-missing-authorization</loc>
<lastmod>2020-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4341-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-php-widget/wp-php-widget-102-full-path-disclosure</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-wordpress-blocks-plugin-327-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/custom-community/custom-community-20-2024-stored-cross-site-scripting</loc>
<lastmod>2015-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/credova-financial/credova_financial-250-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointify/appointify-108-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woo-sales-commission/ni-sales-commission-for-woocommerce-124-missing-authorization-to-authenticated-subscriber-commission-update</loc>
<lastmod>2025-01-30T16:50:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-22-arbitrary-file-upload</loc>
<lastmod>2007-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-chat/quick-chat-414-sql-injection</loc>
<lastmod>2018-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-to-lat/geo-to-lat-1019-authenticated-contributor-sql-injection</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qodeblock/plum-spin-wheel-email-pop-up-20-missing-authorization-to-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prime-addons-for-elementor/prime-addons-for-elementor-201-authenticated-contributor-insecure-direct-object-reference-via-pae_global_block-shortcode</loc>
<lastmod>2025-02-19T21:08:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emergency-password-reset/emergency-password-reset-93-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tastyc/tastyc-252-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf2post/pdf-2-post-240-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demon-image-annotation/demon-image-annotation-50-improper-input-restriction-validation</loc>
<lastmod>2022-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-block/button-block-get-fully-customizable-multi-functional-buttons-115-authenticated-contributor-post-disclosure-via-post-duplication</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greencon/greencon-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-shopping-cart-471-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplelife/simplelife-plugin-12-cross-site-scripting</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders/folders-unlimited-folders-to-organize-media-library-folder-pages-posts-file-manager-315-missing-authorization-to-authenticated-author-media-replacement</loc>
<lastmod>2026-01-07T14:21:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-search/advance-search-116-cross-site-request-forgery-to-shortcode-deletion</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-reflected-cross-site-scripting</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-399-authenticatededitor-stored-cross-site-scripting-via-slider-callback</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nirweb-support/nirweb-support-303-missing-authorization</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protect-page/ppwp-password-protect-pages-1915-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-image/responsive-slider-image-slider-slideshow-for-wordpress-270-authenticated-admin-sql-injection</loc>
<lastmod>2015-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tao/track-analyze-amp-optimize-by-wp-tao-13-reflected-cross-site-scripting</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1242-authenticatedadministrator-directory-traversal-via-recurring-import-functionality</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wired-impact-volunteer-management/wired-impact-volunteer-management-25-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idbbee/idbbee-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymc-smart-filter/filter-grids-2833-cross-site-request-forgery</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-all-in-one-for-wp/dsgvo-all-in-one-for-wp-39-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-visualizer/data-visualizer-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:23:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speedycache/speedycache-112-missing-authorization-via-speedycache_create_test_cache</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdc-comment-toolbar/mdc-comment-toolbar-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadcenter/wp-adcenter-ad-manager-adsense-ads-256-authenticated-contributor-stored-cross-site-scripting-via-ad_alignment-attribute</loc>
<lastmod>2024-09-05T18:12:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-2726-authenticated-stored-cross-site-scripting-via-menu-label-field</loc>
<lastmod>2021-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arprice/arprice-413-unauthenticated-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-tracker/email-tracker-526-cross-site-request-forgery</loc>
<lastmod>2021-11-01T20:42:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activedemand/activedemand-0243-cross-site-request-forgery</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-forms-by-mailmunch/mailchimp-forms-by-mailmunch-322-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woostify/woostify-242-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-2812-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-106-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-ultimate-wordpress-fse-blocks-addons-ecosystem-353-authenticated-contributor-server-side-request-forgery-via-imageurl</loc>
<lastmod>2026-05-04T14:51:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/everest-news/everest-news-110-reflected-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastdup/fastdup-27-authenticated-contributor-path-traversal-via-dir_path-rest-parameter</loc>
<lastmod>2026-01-05T14:50:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-lockdown/login-lockdown-protection-211-missing-authorization-to-authenticated-subscriber-arbitrary-ip-whitelisting</loc>
<lastmod>2025-05-06T16:12:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neoforum/neoforum-10-authenticated-administrator-sql-injection</loc>
<lastmod>2026-01-10T14:46:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2b-ai-assistant/s2b-ai-assistant-chatbot-chatgpt-openai-content-image-generator-178-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2025-11-20T16:50:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fix-multiple-redirects/fix-multiple-redirects-123-reflected-cross-site-scripting</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tactical-popup/tactical-popup-11-reflected-cross-site-scripting</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primer-mydata/primer-mydata-for-woocommerce-421-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T16:14:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subpage-view/subpage-list-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T11:32:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voice-feedback/voice-feedback-voice-recorder-for-audio-feedback-103-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/multiple-plugins-and-themes-various-versions-authenticated-contributor-dom-based-stored-cross-site-scripting-via-lightgallery-javascript-library</loc>
<lastmod>2025-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/picture-gallery/picture-gallery-1511-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/links-shortcode/links-shortcode-183-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-338-insufficient-restrictions-during-export-personal-data-requests</loc>
<lastmod>2018-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoglot/autoglot-247-reflected-cross-site-scripting</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-ban-ip/automatic-ban-ip-107-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-361-reflected-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/leblix/leblix-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-522-authenticated-ere-customer-insecure-direct-object-reference</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-1110-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2051-cross-site-request-forgery-and-stored-cross-site-scripting</loc>
<lastmod>2019-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobcareer/jobcareer-job-board-responsive-wordpress-theme-24-unauthenticated-arbitrary-password-reset</loc>
<lastmod>2018-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Woo-product-multiaction/woocommerce-product-multi-action-13-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/notarius/notarius-legal-advisor-wordpress-theme-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-341-sensitive-information-disclosure</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payaza/payaza-038-missing-authorization-to-unauthenticated-order-status-update</loc>
<lastmod>2025-12-04T17:31:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibuildapp/ibuildapp-020-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-missing-authorization-in-categorifyajaxclearcategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/frontend-content-forms-for-user-submissions-ugc-2813-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-brands/woocommerce-brands-1645-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userplus/userplus-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-everything/search-everything-81-cross-site-request-forgery</loc>
<lastmod>2014-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-restaurant-menu-by-pricelisto/best-restaurant-menu-by-pricelisto-142-missing-authorization</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-hardening/wp-hardening-fix-your-wordpress-security-121-reflected-cross-site-scripting</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-party/illi-link-party-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-38-missing-authorization</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-payrexx-gateway/payrexx-payment-gateway-for-woocommerce-315-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-generator/contact-form-generator-255-reflected-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whizz/whizz-108-reflected-cross-site-scripting</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghost/ghost-055-missing-authorization-checks</loc>
<lastmod>2016-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/footer-putter/footer-putter-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sf-booking/service-finder-booking-60-unauthenticated-privilege-escalation</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-javascript-toolbox/css-javascript-toolbox-118-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-gutenberg/gutenberg-blocks-331-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5135-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-43-cross-site-request-forgery</loc>
<lastmod>2016-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/astra/astra-4123-authenticated-contributor-stored-cross-site-scripting-via-post-meta</loc>
<lastmod>2026-03-10T17:27:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/billey/billey-216-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dbview/dbview-055-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:23:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiptimize-for-woocommerce/shiptimize-for-woocommerce-3186-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstickybar-sticky-bar-sticky-header/wpstickybar-sticky-bar-sticky-header-210-reflected-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-gamification-plugin-to-reward-points-achievements-badges-ranks-in-wordpress-761-missing-authorization-to-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-01-05T18:53:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-1501-unauthenticated-html-injection-cross-site-request-forgery</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embed-optimizer/video-embed-optimizer-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-cafe-addon-for-elementor/restaurant-cafe-addon-for-elementor-153-missing-authorization-via-multiple-ajax-functions</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatically-hierarchic-categories-in-menu/automatically-hierarchic-categories-in-menu-207-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:22:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exact-links/url-shortener-307-unauthenticated-sql-injection</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soumettre-fr/soumettrefr-213-missing-authorization</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more-login/read-more-login-203-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/import-csv-or-xml-datafeed-with-ease-372-cross-site-request-forgery</loc>
<lastmod>2015-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kau-boys-backend-localization/backend-localization-2110-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpgent/helpgent-224-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-3236-authenticated-contributor-stored-cross-site-scripting-via-block-link</loc>
<lastmod>2024-05-09T18:38:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgard/asgard-security-scanner-07-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-addon-for-ninja-forms/popup-addon-for-ninja-forms-34-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-283-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-insightly/gravity-forms-insightly-116-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sandbox/sandbox-161-full-path-disclosure</loc>
<lastmod>2013-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-090-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-28T18:06:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-891-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-after-login/redirect-after-login-019-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mrseo/mr-seo-20-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sailing/sailing-446-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-forge/radio-forge-muses-player-with-skins-25-reflected-cross-site-scripting</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketing-automation/marketing-automation-1268-reflected-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3-video/s3-video-0982-cross-site-scripting</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/beelove/beelove-honey-production-and-sweets-online-store-wordpress-theme-126-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-buddypress-community-user-profile-social-network-membership-plugin-for-wordpress-134-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-01-24T18:53:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bux-woocommerce/bux-woocommerce-123-missing-authorization</loc>
<lastmod>2025-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-078-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-406-missing-authorization-via-templates</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/restrict-content-327-information-exposure-via-legacy-log-file</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-457-authenticated-author-arbitrary-file-upload-via-vtt-upload-bypass</loc>
<lastmod>2026-01-15T16:28:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-circle/full-circle-0578-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/products-rearrange-woocommerce/product-rearrange-for-woocommerce-122-unauthenticated-sql-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dologin/dologin-security-36-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-by-motopress-2318-author-stored-cross-site-scripting</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ez-form-calculator-premium/ez-form-calculator-wordpress-plugin-21412-reflected-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-168-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-during-conditional-shortcode/display-during-conditional-shortcode-12-authenticated-contributor-stored-cross-site-scripting-via-message-parameter</loc>
<lastmod>2026-02-17T15:37:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/wordpress-user-extra-fields-166-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-162610-missing-authorization-to-authenticated-subscriber-arbitrary-shortcode-exeuction</loc>
<lastmod>2025-03-07T20:52:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/fusion-builder-361-avada-761-unauthenticated-server-side-request-forgery</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bruteguard/bruteguard-brute-force-login-protection-014-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-translitera/wp-translitera-p125-cross-site-request-forgery</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-field-editor/checkout-field-editor-174-cross-site-request-forgery-to-checkout-fields-update</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-zip-attachments/download-zip-attachments-10-directory-traversal</loc>
<lastmod>2015-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-261-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-codes/add-custom-codes-480-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infographic-and-list-builder-ilist/infographic-maker-ilist-437-sql-injection</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-398-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doofinder-for-woocommerce/doofinder-for-woocommerce-2033-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/theaisle/the-aisle-291-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3124-missing-authorization-to-unauthenticated-message-duplication</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-wp-page-post/duplicate-page-and-post-27-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-813-cross-site-request-forgery</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pearl-header-builder/pearl-139-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/15zine/15zine-magazine-newspaper-blog-news-wordpress-theme-330-reflected-cross-site-scripting</loc>
<lastmod>2020-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-stickers/social-stickers-229-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dd-rating/dd-rating-171-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-324-authenticated-contributor-privilege-escalation</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightbox-block/lightbox-block-1130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/m-vslider/m-vslider-213-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faqs/faqs-102-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-system/banner-system-100-missing-authorization</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buy-one-click-woocommerce/buy-one-click-woocommerce-229-missing-authorization-to-authenticated-subscriber-order-deletion</loc>
<lastmod>2024-11-12T13:28:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yoco-payment-gateway/yoco-payments-390-unauthenticated-arbitrary-file-read</loc>
<lastmod>2026-01-06T20:31:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10334-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/modernhousewife/modern-housewife-1012-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2172-reflected-cross-site-scripting</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-1911-reflected-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/domain-replace/domain-replace-138-reflected-cross-site-scripting</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11526-reflected-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-cloud-one/search-cloud-one-225-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotscot-contact-form/hotscot-contact-form-13-sql-injection</loc>
<lastmod>2021-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-custom-links/gallery-custom-links-225-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inventory-presser/inventory-presser-1526-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dazzlersoft-teams/team-members-showcase-134-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kaya-qr-code-generator/kaya-qr-code-generator-152-authenticatedcontributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/innovio/innovio-17-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediamatic/mediamatic-media-library-folders-281-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/albo-pretorio-on-line/albo-pretorio-online-46-reflected-cross-site-scripting-via-errore</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-post-ads/insert-post-ads-132-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-twitter-feeds/easy-twitter-feed-12-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-392-brute-force-of-cross-site-request-forgery-tokens</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-gallery/gallery-photo-albums-plugin-13170-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pop-up-pop-up/pop-up-111-missing-authorization-to-settings-change</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-uploads-support/svg-uploads-support-211-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-svg/enable-svg-131-cross-site-scripting-via-svg</loc>
<lastmod>2022-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-3423-authenticated-admin-stored-cross-site-scripting-via-events</loc>
<lastmod>2024-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-10146-authenticated-contributor-stored-cross-site-scripting-via-bookingcalendar-shortcode</loc>
<lastmod>2025-12-04T13:08:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interview/interview-101-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-490-event-deletion-via-cross-site-request-forgery</loc>
<lastmod>2022-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php/woody-code-snippets-insert-php-css-js-and-headerfooter-scripts-271-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publishpress-authors/publishpress-authors-4101-missing-authorization</loc>
<lastmod>2026-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1350-authenticated-sql-injection-via-tag_id-parameter</loc>
<lastmod>2017-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-grid/essential-grid-311-unauthenticated-private-post-disclosure</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-182-authenticated-settings-change-leading-to-arbitrary-file-upload</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-164-local-file-inclusion</loc>
<lastmod>2015-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hover-video-preview/hover-video-preview-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-images/wp-rss-images-11-cross-site-request-forgery</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-layouts/custom-layouts-post-product-grids-made-easy-1412-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-scroll-top/wpfront-scroll-top-205-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration/event-registration-60202-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2016-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/referral-link-tracker/referral-link-tracker-114-missing-authorization</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/binary-mlm-plan/binary-mlm-plan-50-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-10-16T20:57:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-138-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/off-page-seo/off-page-seo-303-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-certificate-creator/gift-certificate-creator-110-reflected-cross-site-scripting-via-receip_address-parameter</loc>
<lastmod>2025-04-01T20:30:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pinfinity/pinfinity-192-reflected-cross-site-scripting</loc>
<lastmod>2017-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-options-pages/admin-options-pages-097-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jsmol2wp/jsmol2wp-107-cross-site-scripting</loc>
<lastmod>2019-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-131-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solar-wizard-lite/solar-wizard-lite-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-sync-for-woocommerce/stock-sync-for-woocommerce-240-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-market/wholesale-market-220-information-disclosure-via-unauthenticated-arbitrary-file-download</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ssv-mailchimp/ssv-mailchimp-315-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sentence-to-seo/sentence-to-seo-keywords-description-and-tags-10-cross-site-request-forgery-to-stored-cross-site-scripting-via-settings-page-parameters</loc>
<lastmod>2026-05-19T12:03:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-187-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-search/advanced-woo-search-200-information-disclosure</loc>
<lastmod>2020-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/indutri/indutri-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nix-anti-spam-light/nix-anti-spam-light-004-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-app-banners/smart-app-banners-12-authenticated-contributor-stored-cross-site-scripting-via-size-and-verticalalign-shortcode-attributes</loc>
<lastmod>2026-01-06T20:30:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-2202-sensitive-information-disclosure</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5954-reflected-cross-site-scripting-via-pm_get_messenger_notification-function</loc>
<lastmod>2025-07-15T16:14:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gum-elementor-addon/gum-elementor-addon-132-authenticated-contributor-stored-cross-site-scripting-via-post-meta-widget</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-topic-count/bbp-topic-count-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-a-tweets-widget-or-x-feed-widget-222-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-246-missing-authorization-via-information-disclosure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-plagiarism/check-plagiarism-20-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-10-23T19:57:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/bookly-2231-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu/admin-menu-plugin-11-reflected-cross-site-scripting</loc>
<lastmod>2020-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3105-authenticated-contributor-stored-cross-site-scripting-via-html-tags</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ra-qrcode/ra_qrcode-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-policy-manager/password-policy-manager-204-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-framework/gutenberg-template-library-redux-framework-4123-cross-site-request-forgery</loc>
<lastmod>2020-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pay-per-media-player/pay-per-media-player-124-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-distance-calculator/mk-google-directions-311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-block-editor/nexter-blocks-404-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squelch-tabs-and-accordions-shortcodes/squelch-tabs-and-accordions-shortcodes-043-authenticated-contributor-stored-cross-site-scripting-via-accordions-shortcode</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eventicity/eventicity-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.4/wordpress-core-541-authenticated-cross-site-scripting-via-customizer</loc>
<lastmod>2020-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-635-authenticated-support-manager-php-object-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expand-maker/read-more-accordion-357-privilege-escalation-via-importdata</loc>
<lastmod>2026-05-19T12:12:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forge/forge-front-end-page-builder-146-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-filter-gallery/portfolio-gallery-image-gallery-plugin-164-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-freshener/word-freshener-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-shopping-cart-507-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/wordpress-backup-migration-141-missing-authorization-to-settings-and-schedule-modification</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apartment-management/wpams-440-17-08-2023-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-monkey-desktop-push-notifications/push-monkey-pro-web-push-notifications-and-woocommerce-abandoned-cart-39-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-manager-powered-by-behance/behance-portfolio-manager-175-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authentication-and-xmlrpc-log-writer/authentication-and-xmlrpc-log-writer-122-reflected-cross-site-scripting</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversiosio-650-missing-authorization</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-power-bi/power-bi-embedded-for-wordpress-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link/pretty-links-219-unauthenticated-stored-cross-site-scripting-via-track_link</loc>
<lastmod>2019-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bootstrap-ultimate/bootstrap-ultimate-149-unauthenticated-limited-local-file-inclusion</loc>
<lastmod>2025-01-23T19:34:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-query-console/wp-query-console-10-unauthenticated-remote-code-execution</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcast-feed-player-widget/podcast-feed-player-widget-and-shortcode-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finale-woocommerce-sales-countdown-timer-discount/finale-lite-sales-countdown-timer-discount-for-woocommerce-2190-authenticated-contributor-stored-dom-based-cross-site-scripting-via-countdown-timer</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liquid-chatgpt/ai-engine-for-wordpress-chatgpt-gpt-content-generator-101-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2025-11-24T19:08:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insta-gallery/social-feed-gallery-492-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2025-10-24T18:01:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plg_novana/plg-novana-plugin-all-versions-sql-injection</loc>
<lastmod>2012-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-visitor-for-woocommerce/counter-live-visitors-for-woocommerce-136-unauthenticated-arbitrary-file-deletion-in-wcvisitor_get_block</loc>
<lastmod>2025-07-15T18:17:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-filterable-portfolio/responsive-filterable-portfolio-1022-server-side-request-forgery</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashi/dashi-318-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/modern/modern-141-cross-site-scripting</loc>
<lastmod>2015-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-41611-missing-authorization-to-authenticated-subscriber-membership-payment-bypass</loc>
<lastmod>2026-04-03T19:47:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-mortgage-calculator/ai-mortgage-calculator-101-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/popup-and-slider-builder-by-depicter-add-email-collecting-popup-popup-modal-coupon-popup-image-slider-carousel-slider-post-slider-carousel-404-missing-authorization-to-authenticated-contributor-safe-file-type-upload</loc>
<lastmod>2025-11-04T17:49:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-calendar/contact-form-7-calendar-301-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/geo-plugin-by-squirrly-seo-12416-missing-authorization</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-330-missing-authorization-to-authenitcated-subscriber-to-scheduled-trigger-deletion</loc>
<lastmod>2025-11-20T16:58:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dyn-business-panel/dyn-business-panel-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/altos-connect/altos-connect-130-cross-site-scripting</loc>
<lastmod>2015-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2418-ip-address-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-booking-calendar-14-cross-site-scripting</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-432-missing-authentication-to-unauthenticated-course-modification</loc>
<lastmod>2026-01-05T19:55:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallax-slider-block/parallax-slider-block-125-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-extra-file-types/wp-extra-file-types-05-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-21115-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-grid-gallery/video-gallery-vimeo-and-youtube-gallery-115-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-4141-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-10436-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images-ape/gallery-images-ape-228-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-for-youtube/video-playlist-for-youtube-66-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elisqlreports/ez-sql-reports-shortcode-widget-and-db-backup-52508-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-white-label-branding-free-login-page-customizer-3424-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-01-01T13:29:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jk-html-to-pdf/jk-html-to-pdf-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-widget/testimonials-widget-351-multiple-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-collaboration-e-mails/peters-collaboration-e-mails-220-cross-site-request-forgery</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-snippets/post-snippets-custom-wordpress-code-snippets-customizer-4012-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-lottery/digital-lottery-305-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-estimation-form/wp-cost-estimation-9642-missing-authorization-to-arbitrary-file-uploaddelete</loc>
<lastmod>2019-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-film-studio/wp-film-studio-134-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/athos/athos-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indexisto/indexisto-105-reflected-cross-site-scripting</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-3218-unauthenticated-information-exposure</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailkit/emailkit-165-authenticated-author-arbitrary-file-read-via-emailkit-editor-template-rest-parameter</loc>
<lastmod>2026-05-04T14:47:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-162610-unauthenticated-sql-injection</loc>
<lastmod>2025-03-07T20:57:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor-premium/unlimited-elements-for-elementor-and-unlimited-elements-for-elementor-premium-20-unauthenticated-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-454-pro-227-free-missing-authorization-via-config_virtual_event</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-missing-authorization-to-cache-deletion</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16115-unauthenticated-denial-of-service</loc>
<lastmod>2026-05-26T13:07:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-station/radio-station-2512-cross-site-request-forgery</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link/pretty-links-link-management-branding-tracking-sharing-plugin-156-reflected-cross-site-scripting</loc>
<lastmod>2011-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/selar-co-widget/selarco-widget-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-2127-cross-site-request-forgery-to-level-orders-update</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik/estatik-real-estate-plugin-410-missing-authorization-to-limited-arbitrary-options-update</loc>
<lastmod>2023-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41170-authenticated-contributor-stored-cross-site-scripting-via-custom_svg-parameter</loc>
<lastmod>2026-05-01T21:53:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-4102-sensitive-information-exposure-via-api</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/axioma/axioma-premium-responsive-112-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-113-cross-site-request-forgery</loc>
<lastmod>2019-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-330-authenticated-contributor-stored-cross-site-scripting-via-mf_first_name-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-countdown/widget-countdown-274-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-splashing-images/splashing-images-211-cross-site-scripting</loc>
<lastmod>2018-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpt-speakers/cpt-speakers-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-external-links/external-links-257-cross-site-request-forgery-via-action_admin_action_wpel_dismiss_notice</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphina-elementor-charts-and-graphs/graphina-elementor-charts-and-graphs-313-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vdocipher/vdocipher-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-3519-authenticated-contributor-php-object-injection</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gecko/gecko-60-responsive-shopify-theme-rtl-support-198-reflected-cross-site-scripting</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-logo_width-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-271-cross-site-scripting</loc>
<lastmod>2016-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-11011-authenticatedcontributor-stored-cross-site-scripting-via-media-url</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_save_sort_order</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-pagespeed-insights/google-pagespeed-insights-403-reflected-cross-site-scripting</loc>
<lastmod>2022-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-media-uploader/url-media-uploader-100-authenticated-author-server-side-request-forgery-via-dns-rebinding</loc>
<lastmod>2025-02-27T20:10:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-323-missing-authorization</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-258-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.6/wordpress-core-361-swf-and-exe-file-upload</loc>
<lastmod>2013-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-event-booking/awesome-event-booking-271-reflected-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-11025-missing-authorization</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mg-post-contributors/mg-post-contributors-13-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pixel/social-pixel-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-downloader/media-library-downloader-131-missing-authorization</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-extended/advanced-custom-fields-extended-0886-admin-sql-injection</loc>
<lastmod>2021-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-app/visitors-03-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linear/linear-280-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-currency-exchange-rates/wp-currency-exchange-rates-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-397-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg-lite-interactive-vector-maps/mapsvg-lite-864-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-invoices-packing-slip-labels-for-woocommerce/woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-442-missing-authorization-to-unauthenticated-settings-reset</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblizar-pinterest-feeds/weblizar-pin-feeds-112-cross-site-scripting</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bnm-blocks/post-blocks-tools-130-authenticated-author-stored-cross-site-scripting-via-sliderstyle-block-attribute</loc>
<lastmod>2026-04-08T09:11:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marquee-style-rss-news-ticker/marquee-style-rss-news-ticker-320-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-builder/poll-builder-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/color-your-bar/color-your-bar-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemes-sync/solid-central-site-management-backups-security-and-reporting-328-missing-authorization</loc>
<lastmod>2026-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/contact-form-builder-with-drag-drop-kali-forms-2328-missing-authorization-via-get_log</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/like-box/social-like-box-and-page-by-wpdevart-0839-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-plus/limit-login-attempts-plus-110-ip-address-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2024-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elementor-addons/easy-elementor-addons-228-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg_radio_player_addon_visual_composer/html5-radio-player-wpbakery-page-builder-addon-25-reflected-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-auto-post-thumbnail-412-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-130-140-reflected-dom-based-cross-site-scripting</loc>
<lastmod>2024-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-3121-3125-reflected-cross-site-scripting</loc>
<lastmod>2019-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beeteam368-extensions/beeteam368-extensions-234-authenticated-subscriber-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2025-06-27T14:26:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensitive-tag-cloud/sensitivetagcloud-141-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/post-grid-post-carousel-list-category-posts-2427-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1510-authenticated-contributor-stored-cross-site-scripting-via-zone-parameter</loc>
<lastmod>2025-01-24T18:41:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emerce-core/emerce-core-18-unauthenticated-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-of-goods-for-woocommerce/cost-of-goods-product-cost-profit-calculator-for-woocommerce-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-12T15:52:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mywebtonet-performancestats/phpmysql-cpu-performance-statistics-121-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shmapper-by-teplitsa/shmapper-by-teplitsa-150-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-126-cross-site-request-forgery</loc>
<lastmod>2016-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-232-cross-site-request-forgery</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-security-enhancer/wp-hide-security-enhancer-1392-arbitrary-file-download</loc>
<lastmod>2017-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beautiful-and-responsive-cookie-consent/beautiful-cookie-consent-banner-2100-missing-authorization-to-settings-update</loc>
<lastmod>2023-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dforms/dforms-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-qr-codes/lh-qr-codes-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-click-migration/1-click-wordpress-migration-plugin-100-free-for-a-limited-time-22-cross-site-request-forgery-to-backup-process-cancellation</loc>
<lastmod>2025-02-17T15:40:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/residential-address-detection/residential-address-detection-259-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-box-after-posts/author-box-after-posts-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-me-now/call-me-now-105-cross-site-request-forgery</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-filester-182-authenticated-plugin-settings-update</loc>
<lastmod>2024-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-base-booking-of-appointments-services-and-events/wp-base-booking-500-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/anti-spam-spam-protection-block-spam-users-comments-forms-20247-cross-site-request-forgery-to-multiple-administrative-actions</loc>
<lastmod>2025-06-05T17:43:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mantenimiento-web/mantenimiento-web-013-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadsnap/leadsnap-123-unauthenticated-php-object-injection-via-ajax</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-polylang-support-for-customizer/add-polylang-support-for-customizer-145-cross-site-request-forgery</loc>
<lastmod>2026-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-2437-unauthenticated-privilege-escalation</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloudsecure-wp-security/cloudsecure-wp-security-147-two-factor-authentication-bypass</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-profile-avatar/wp-user-profile-avatar-102-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-plugins-stripe-woo/stripe-payments-for-woocommerce-by-checkout-plugins-1410-cross-site-request-forgery</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-77-missing-authorization-to-authenticated-candidate-stored-cross-site-scripting-via-status</loc>
<lastmod>2025-12-20T01:30:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-ideas/post-ideas-2-unauthenticated-sql-injection</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-4933-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chartify-353-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/isee-products-extractor/isee-products-extractor-213-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T18:34:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-964-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-travel/travel-management-161-open-redirect</loc>
<lastmod>2019-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11524-authenticated-subscriber-stored-self-based-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-digital-downloads/sell-digital-downloads-227-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-pro-4716-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-842-authenticated-editor-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahathat/ahathat-plugin-16-cross-site-request-forgery-to-aha-page-deletion</loc>
<lastmod>2025-05-05T15:46:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oleggo-livestream/oleggo-livestream-026-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bg-book-publisher/bg-book-publisher-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:20:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getyourguide-ticketing/getyourguide-ticketing-102-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inseri-core/scientific-and-interactive-blocks-inseri-core-105-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder-block/popupkit-215-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3302-authenticated-contributor-stored-cross-site-scripting-via-text-path-widget</loc>
<lastmod>2025-07-28T16:22:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms/piotnet-forms-1028-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/ultimate-membership-pro-861-cross-site-request-forgery</loc>
<lastmod>2020-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-dash/client-dash-221-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-image-slider-video-slider-3940-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alfie-the-productfeedtool-wp-plugin/alfie-121-cross-site-request-forgery-to-feed-deletion-via-delete-parameter</loc>
<lastmod>2026-05-21T16:12:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-auction/ultimate-wordpress-auction-plugin-429-missing-authorization-to-arbitrary-post-deletion</loc>
<lastmod>2025-03-03T20:35:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15109-authenticated-contributor-information-exposure</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-543-authentication-bypass</loc>
<lastmod>2021-08-24T15:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-3512-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress-button/gamipress-button-107-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6270-unauthenticated-sensitive-information-disclosure-via-log-file</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-custom-css/easy-custom-css-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-oer/wp-oer-090-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.6/wordpress-core-361-spoof-post-authorship</loc>
<lastmod>2013-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-034-information-exposure</loc>
<lastmod>2019-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4164-authenticated-subscriber-html-file-upload-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks-pro/essential-blocks-420-unauthenticated-php-object-injection-via-queries</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/maxbuttons-953-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-gallery-for-matterport-showcase/wp-matterport-shortcode-215-reflected-cross-site-scripting</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/st-gallery-wp/st-gallery-wp-108-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-or-embed-articulate-content-into-wordpress/insert-or-embed-articulate-content-into-wordpress-43000000023-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-fuer-motorrad-werkstaetten/plugin-cms-fr-motorrad-werksttten-100-authenticated-subscriber-sql-injection-via-arttype-parameter</loc>
<lastmod>2026-04-20T14:05:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-addons-for-elementor-waze-map/local-business-addons-for-elementor-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meetinghub/meetinghub-1239-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-management-system-for-gamification-ranks-badges-and-loyalty-program-297-missing-authorization-to-unauthenticated-withdrawal-request-approval</loc>
<lastmod>2025-12-12T17:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-check_for_verified_profiles</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-4115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-backuprestore-12412-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T09:43:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-slider-for-elementor/ht-slider-for-elementor-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T14:55:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/broadscope/broadscope-unknown-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-for-woocommerce-377-cross-site-request-forgery-leading-to-uninstall-form-submission</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-minify/wp-super-minify-151-cross-site-request-forgery-via-wpsmy_admin_options</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-ecommerce-shopping-cart-443-unauthenticated-php-object-injection</loc>
<lastmod>2016-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-woo-custom-product-variation/opal-woo-custom-product-variation-113-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-ai-seo-tools-to-dominate-seo-rankings-10228-authenticated-administrator-php-object-injection</loc>
<lastmod>2024-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-542-authenticated-contributor-stored-cross-site-scripting-via-custom-attributes</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-pdf-wpforms/embed-pdf-for-wpforms-115-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-09-18T19:35:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-subscribe-button/podlove-subscribe-button-137-cross-site-request-forgery-via-process_form-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bc-woo-custom-thank-you-pages/custom-thank-you-page-customize-for-woocommerce-by-binary-carpenter-1413-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ban-users/ban-users-153-missing-authorization-to-authenticated-subscriber-settings-update-privilege-escalation</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-455-cross-site-request-forgery</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-addons-by-bit14/web-and-woocommerce-addons-for-wpbakery-builder-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-image-magnifier-xoss/wd-image-magnifier-xoss-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hypnotherapy/hypnotherapy-psychologist-theme-1210-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy2map-photos/easy2map-photos-109-sql-injection</loc>
<lastmod>2015-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-sign-up/easy-sign-up-341-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-bar/debug-bar-08-reflected-cross-site-scripting</loc>
<lastmod>2013-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-cross-site-request-forgery-to-disable-all-plugins</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-spam/wordpress-zero-spam-211-sql-injection</loc>
<lastmod>2016-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/before-after-image-slider/before-after-image-slider-wp-22-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-63-631-authenticatedcontributor-cross-site-scripting-via-footnotes-block</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatically-hierarchic-categories-in-menu/automatically-hierarchic-categories-in-menu-209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-backup-0976-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acurax-social-media-widget/social-media-widget-by-acurax-325-cross-site-request-forgery-leading-to-cross-site-scripting-via-the-recordsarray-parameter</loc>
<lastmod>2018-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-1725-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-3611-authenticated-author-insecure-direct-object-reference</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2724-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-generation/button-generator-easily-button-builder-235-cross-site-request-forgery-in-tools-data-basephp</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-gutenberg-based-page-builder-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweet-blender/tweet-blender-401-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-143-information-exposure-via-log-files</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-266-unauthenticated-information-exposure</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-wp-suite/private-wp-suite-041-authenticated-administrator-stored-cross-site-scripting-via-exceptions-setting</loc>
<lastmod>2026-04-21T19:15:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wanderland/wanderland-travel-blog-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email/wp-email-2672-sql-injection</loc>
<lastmod>2016-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dologin/dologin-security-371-missing-authorization-via-rest-endpoints</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmp-coming-soon-maintenance/cmp-coming-soon-maintenance-417-maintenance-mode-bypass</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7132-cross-site-request-forgery</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-3199-unauthenticated-information-exposure</loc>
<lastmod>2026-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/richtexteditor/rich-text-editor-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-column-taxonomy-list/multi-column-taxonomy-list-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3910-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simasicher-dsgvo-cookie/simacookie-132-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/wp-travel-931-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eewee-admincustom/eewee-admin-custom-1824-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-citilights/support-for-citilights-real-estate-wordpress-theme-371-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-slider/image-slider-by-ays-responsive-slider-and-carousel-249-reflected-cross-site-scripting</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-72-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-account-deletion</loc>
<lastmod>2025-07-21T15:58:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/upscale/upscale-unknown-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knight-lab-timelinejs/knight-lab-timeline-3933-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11530-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-banner/random-banner-414-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-export-for-woocommerce/import-export-for-woocommerce-161-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/vform-319-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eduma/eduma-564-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-232-unauthenticated-sql-injection</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2552-authenticated-stored-cross-site-scripting-via-caption</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-730-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-534-unauthenticated-stored-cross-site-scripting-via-notesresource-parameters</loc>
<lastmod>2026-01-08T17:59:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-408-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-267-authenticated-contributor-sql-injection-via-term-custom-field</loc>
<lastmod>2024-06-19T13:02:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magone/magone-88-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-delete-user-accounts/wp-delete-user-accounts-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-appointment-booking/smart-appointment-booking-108-missing-authorization-to-unauthenticated-arbitrary-booking-cancellation</loc>
<lastmod>2026-05-11T19:03:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auth0/login-by-auth0-3113-stored-cross-site-scripting</loc>
<lastmod>2020-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery-builder/photo-gallery-builder-30-missing-authorization</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-list/user-list-151-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/wp-all-import-400-reflected-cross-site-scripting-via-filepath</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/frontend-file-manager-sharing-user-private-files-110-sensitive-information-disclosure</loc>
<lastmod>2022-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-638-authenticated-admin-limited-arbitrary-function-call</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-151-unauthenticated-sql-injection</loc>
<lastmod>2026-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-testimonials/awesome-testimonials-221-cross-site-request-forgery</loc>
<lastmod>2025-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/redart/red-art-38-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-310-cross-site-request-forgery</loc>
<lastmod>2014-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-counters/animated-counters-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-16T10:46:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-flexible-shortcodes/meks-flexible-shortcodes-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-380-unauthenticated-authorization-bypass-due-to-use-of-default-secret-key</loc>
<lastmod>2025-07-08T10:43:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homevillas-real-estate/home-villas-real-estate-wordpress-theme-28-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-07-01T14:57:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rimons-twitter-widget/rimons-twitter-widget-124-cross-site-scripting</loc>
<lastmod>2017-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate-x/qtranslate-x-3468-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dropzone/wp-dropzone-110-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-11-17T20:11:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-popup-blaster/smart-popup-blaster-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T16:13:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-4025-improper-authorization-on-rest-routes-via-save_settings_permission</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-wishlist/wpc-smart-wishlist-for-woocommerce-503-insecure-direct-object-reference-to-unauthenticated-wishlist-manipulation</loc>
<lastmod>2025-10-10T19:41:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-12-modules-all-in-one-solution-formerly-woolentor-297-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-sharebar/easy-social-sharebar-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-508-authenticated-administrator-server-side-request-forgery-via-rest-api-endpoints</loc>
<lastmod>2026-03-03T12:22:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dr-patterson/drpatterson-132-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-in-with-google/sign-in-with-google-180-authentication-bypass-in-authenticate_user</loc>
<lastmod>2024-12-11T15:18:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-532-insecure-direct-object-reference-to-unauthenticated-sensitive-financial-data-exposure-via-sequential-invoice-id</loc>
<lastmod>2026-04-16T15:19:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-plugin/beaver-builder-plugin-starter-version-2921-authenticated-contributor-stored-cross-site-scripting-via-auto_play</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analyticswp/analyticswp-212-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sarada-lite/sarada-lite-112-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3104-incorrect-authorization-to-information-exposure</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-sidebars/custom-sidebars-308-cross-site-request-forgery</loc>
<lastmod>2017-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evarisk/evarisk-5154-arbitrary-file-upload</loc>
<lastmod>2012-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-272-reflected-cross-site-scripting</loc>
<lastmod>2016-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-1241-sensitive-information-disclosure-leading-to-remote-code-execution</loc>
<lastmod>2018-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegant-addons-for-elementor/elegant-addons-for-elementor-108-authenticated-contributor-stored-cross-site-scripting-via-html-tags</loc>
<lastmod>2024-05-21T16:54:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-widget/gallery-widget-121-authenticated-contributor-sql-injection</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/q2w3-post-order/q2w3-post-order-128-reflected-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimal-coming-soon-maintenance-mode/minimal-coming-soon-coming-soon-page-238-missing-authorization-to-limited-settings-change</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pressforward/pressforward-523-cross-site-scripting</loc>
<lastmod>2017-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patron-button-and-widgets-by-codebard/codebards-patron-button-and-widgets-for-patreon-220-reflected-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lisfinity-core/lisfinity-core-lisfinity-core-plugin-used-for-pebas-lisfinity-wordpress-theme-140-unauthenticated-privilege-escalation-to-editor</loc>
<lastmod>2025-10-14T16:29:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-354-dom-based-iframe-injection</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0973-improper-input-validation-via-openssl_verify</loc>
<lastmod>2019-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-441-open-redirect</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-photo-fetcher/social-photo-fetcher-304-cross-site-request-forgery</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-showcase-with-slick-slider/logo-showcase-with-slick-slider-20-cross-site-request-forgery</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facebook-reviews/wp-review-slider-139-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3126-authenticatedcontributor-server-side-request-forgery-ssrf</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-dash/data-dash-123-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iq-block-country/wordpress-iq-block-country-1211-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-22T23:26:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sinotype/wp-sinotype-10-cross-site-request-forgery</loc>
<lastmod>2025-10-02T22:12:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cors/wp-cors-022-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-email-test/woocommerce-email-test-15-sensitive-data-exposure</loc>
<lastmod>2016-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invite-anyone/invite-anyone-147-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truelysell-core/truelysell-core-187-unauthenticated-privilege-escalation-via-registration</loc>
<lastmod>2026-02-13T20:06:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth-client-for-user-authentication/oauth-client-single-sign-on-for-wordpress-oauth-20-sso-303-missing-authorization</loc>
<lastmod>2022-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-fields/magic-fields-1-171-cross-site-scripting-via-custom-write-panel-id-parameter</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveaway/giveaway-122-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kudos-donations/kudos-donations-easy-donations-and-payments-with-mollie-329-reflected-cross-site-scripting-via-add_query_arg</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-hover-footnotes/jquery-hover-footnotes-14-authenticated-author-stored-cross-site-scripting-via-footnote-qualifier-syntax</loc>
<lastmod>2026-06-08T15:07:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects/simple-301-redirects-200-203-authenticated-arbitrary-plugin-activation</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addblockblocker/adblocker-blocker-001-arbitrary-file-upload</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-multipurpose-woocommerce-theme-826-improper-input-validation-leading-to-unauthenticated-cart-manipulation</loc>
<lastmod>2025-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-services-booking/fat-services-booking-56-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-gutenberg/gutenberg-forms-229-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-1134-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-392-denial-of-service-via-xml-2</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terraclassifieds/terraclassifieds-203-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clicksend-contactform7/sms-contact-form-7-notifications-by-clicksend-140-missing-authorization</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xml-sitemap-generator-for-google/xml-sitemap-generator-for-google-133-cross-site-request-forgery-to-plugin-settings-changes</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-zoho/gravity-forms-zoho-crm-and-bigin-129-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigcontact/bigcontact-158-cross-site-request-forgery-leading-to-plugin-settings-updates</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-smtp/easy-wp-smtp-by-sendlayer-230-exposure-of-sensitive-information-via-the-ui</loc>
<lastmod>2024-06-12T20:02:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-content-restriction/easy-digital-downloads-content-restriction-207-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-propagator/plugin-propagator-01-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/guest-posting-frontend-posting-front-editor-wp-front-user-submit-506-unauthenticated-information-exposure</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-map/leaflet-map-344-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bogo/bogo-391-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2026-06-18T16:00:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bing-site-verification-using-meta-tag/binge-site-verification-using-meta-tag-10-authenticated-admin-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcfm-marketplace-rest-api/woocommerce-multivendor-marketplace-rest-api-153-missing-authorization-to-authenticated-subscriber-arbitrary-orderorder-note-disclosure-order-note-addition-via-rest-api</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bug-library/bug-library-214-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-profile-avatar/wp-user-profile-avatar-105-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-01-15T15:23:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-category-by-user-role-for-woocommerce/hide-category-by-user-role-for-woocommerce-231-missing-authorization-to-unauthenticated-cache-flushing</loc>
<lastmod>2025-11-26T17:45:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-automatic-newsletter/easy-automatic-newsletter-lite-320-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meenews/newsletter-meenews-510-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-ai-lite/affiliate-ai-lite-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T18:41:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-price-ticker-widget/cryptocurrency-widgets-price-ticker-coins-list-20-265-unauthenticated-sql-injection</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-acf-681-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-binary-mlm/binary-mlm-woocommerce-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:22:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-automator-plugin-for-no-code-automations-webhooks-custom-integrations-in-wordpress-567-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pdf/dk-pdf-wordpress-pdf-generator-230-authenticated-author-server-side-request-forgery</loc>
<lastmod>2026-01-15T18:31:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tableberg/table-block-by-tableberg-0610-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-1258-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-share/simple-social-share-30-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-147-unauthenticated-sql-injection</loc>
<lastmod>2025-12-12T15:19:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-43-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sugar-calendar-lite/sugar-calendar-lite-330-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T17:26:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-login-and-registration-blocks/frontend-login-and-registration-blocks-108-authenticated-subscriber-privilege-escalation-via-password-reset</loc>
<lastmod>2025-04-23T19:45:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hostel/goodlayers-hostel-312-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-stripe/simple-stripe-0917-cross-site-request-forgery</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kirki/kirki-606-unauthenticated-limited-arbitrary-file-read-and-deletion-via-downloadzip</loc>
<lastmod>2026-05-19T06:24:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ban-user/wp-ban-user-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yet-another-stars-rating-312-authenticated-subscriber-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfmatters/perfmatters-216-missing-authorization</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-widgets_watch_data-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seedprod-coming-soon-pro-5/seedprod-pro-61812-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klamra-paycal-for-aspaclaria/klamra-paycal-for-aspaclaria-114-insecure-direct-object-reference-to-authenticated-subscriber-sensitive-information-exposure-via-invoice_id-parameter</loc>
<lastmod>2026-06-05T14:28:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-509-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jch-optimize/jch-optimize-420-authenticated-subscriber-directory-traversal</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jay-login-register/jay-login-register-2603-unauthenticated-privilege-escalation-via-jay_login_register_ajax_create_final_user</loc>
<lastmod>2026-02-07T12:43:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3120-cross-site-request-forgery-to-limited-file-deletion</loc>
<lastmod>2025-09-26T14:15:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-accessibility/wp-accessibility-231-authenticated-contributor-stored-dom-based-cross-site-scripting-via-alt-attribute</loc>
<lastmod>2026-02-26T19:26:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-1131-cross-site-request-forgery-protection-bypass-via-improper-nonce-distribution</loc>
<lastmod>2025-11-18T17:53:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/like-box/social-like-box-and-page-by-wpdevart-0840-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-167-missing-authorization</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/triple-seven/777-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transmail/zoho-zeptomail-331-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nooni/nooni-151-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-4225-missing-authorization</loc>
<lastmod>2026-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miwoftp/miwoftp-106-cross-site-request-forgery-leading-to-remote-code-execution</loc>
<lastmod>2015-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogmentor/blogmentor-blog-layouts-for-elementor-15-authenticated-contributor-stored-cross-site-scripting-via-pagination_style-parameter</loc>
<lastmod>2024-06-18T14:31:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-cross-site-request-forgery-via-add_to_compare</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-1339-missing-authorization</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-elementor-for-woocommerce/envos-elementor-templates-widgets-for-woocommerce-148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postlists/postlists-202-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-094-server-side-request-forgery-leading-to-host-information-disclosure</loc>
<lastmod>2016-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-social-sharing-icons-217-reflected-cross-site-scripting</loc>
<lastmod>2019-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-343-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-additional-fees-on-checkout-wordpress/woocommerce-additional-fees-on-checkout-free-147-reflected-cross-site-scripting-via-number</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio4-html5-shoutcast/radio-player-shoutcast-icecast-447-reflected-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-filter-combine-rss-feeds/wp-filter-combine-rss-feeds-04-missing-authorization-to-authenticated-contributor-feed-deletion</loc>
<lastmod>2025-08-22T15:52:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-648-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-accelerated-mobile-pages-10961-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-07-23T21:41:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-3151-missing-authorization-to-unauthenticated-arbitrary-post-creation</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fl3r-feelbox/fl3r-feelbox-81-cross-site-request-forgery-leading-to-stored-cross-site-scripting</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-slider/b-slider-gutenberg-slider-block-for-wp-1123-authenticated-contributor-private-post-disclosure-via-bsb-slider-shortcode</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-shipping-multiple-addresses/woocommerce-ship-to-multiple-addresses-385-reflected-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-maps/10webmapbuilder-1071-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58001-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-266-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-500-information-disclosure</loc>
<lastmod>2018-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-3283-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-payments-shortcode/paypal-payment-shortcode-101-authenticated-contributor-stored-cross-site-scripting-via-buttom_image-shortcode-attribute</loc>
<lastmod>2025-12-11T14:25:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-menu-bar-cart/woocommerce-menu-cart-2110-reflected-cross-site-scripting</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-3103-cross-site-request-forgery-via-pms-cross-promotionphp</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-builder/builder-for-contact-form-7-by-webconstruct-122-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooexim/wooexim-woocommerce-export-import-plugin-500-reflected-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-user-profile-user-registration-forms-242-cross-site-scripting</loc>
<lastmod>2016-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yamaps/yamaps-for-wordpress-0640-authenticated-contributor-stored-cross-site-scripting-via-shortcode-parameters</loc>
<lastmod>2026-02-18T16:26:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-accessibility/enable-accessibility-14-cross-site-request-forgery</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-proposals/wp-proposals-23-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-courses/wp-courses-2028-improper-access-controls</loc>
<lastmod>2020-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-showcase-with-slick-slider/logo-showcase-with-slick-slider-logo-carousel-logo-slider-logo-grid-123-stored-cross-site-scripting</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8010-stored-cross-site-scripting</loc>
<lastmod>2022-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-expire-popup/page-expire-popupredirection-for-wordpress-10-authenticated-author-sql-injection-via-id-shortcode-attribute</loc>
<lastmod>2026-01-05T14:51:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cds-simple-seo/simple-seo-1812-cross-site-request-forgery</loc>
<lastmod>2022-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/rental-and-booking-manager-for-bike-car-dress-resort-with-woocommerce-integration-wprently-wordpress-plugin-221-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T19:06:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-168-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sw-product-bundles/sw-product-bundles-2015-missing-authorization</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-vertical-accordion-menu/jquery-accordion-menu-widget-312-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/announce-from-the-dashboard/announce-from-the-dashboard-152-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-products-from-gsheet-for-woo-importer/gsheet-for-woo-importer-231-missing-authorization-to-authenticated-subscriber-plugin-settings-reset</loc>
<lastmod>2026-05-21T06:40:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-map/leaflet-map-300-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3212-cross-site-request-forgery</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/wp-rss-aggregator-4191-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-319-unauthenticated-cross-site-scripting</loc>
<lastmod>2019-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upsell-order-bump-offer-for-woocommerce/upsell-funnel-builder-for-woocommerce-300-unauthenticated-order-manipulation</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-boxes-etc/mbe-eship-224-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-carousel-for-elementor/ultimate-carousel-for-elementor-217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-db/contact-form-to-db-by-bestwebsoft-171-authenticated-administrator-sql-injection-via-s</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-support/fluent-support-191-cross-site-request-forgery</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/helion/helion-personal-portfolio-agency-wordpress-theme-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hamburger-icon-menu-lite/hamburger-icon-menu-lite-10-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-portfolio/premium-portfolio-features-for-phlox-theme-232-authenticated-contributor-stored-cross-site-scripting-via-grid-portfolios</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-regenerate-select-crop/image-regenerate-select-crop-710-missing-authorization-on-multiple-ajax-actions</loc>
<lastmod>2023-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloak-front-end-email/cloak-front-end-email-191-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-poll/simple-poll-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapster-wp-maps/mapster-wp-maps-1200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-25T14:31:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-rl-edition/ltl-freight-quotes-rl-carriers-edition-334-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-exclude/search-exclude-257-missing-authorization-to-authenticated-contributor-search-settings-modification-via-rest-api</loc>
<lastmod>2025-11-24T15:08:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-0183-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resume-submissions-job-postings/resume-submissions-job-postings-plugin-253-stored-cross-site-scripting</loc>
<lastmod>2016-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-thumbnail-editor/post-thumbnail-editor-248-sensitive-information-exposure</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-free-and-premium-1812-reflected-cross-site-scripting</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brid-video-easy-publish/target-video-easy-publish-385-authenticated-contributor-stored-cross-site-scripting-via-width-parameter</loc>
<lastmod>2025-06-17T20:30:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-502-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-offline/site-offline-or-coming-soon-or-maintenance-mode-142-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2020-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-seo-pack-light-version/aa-team-premium-seo-pack-180-local-file-disclosure-and-arbitrary-file-upload</loc>
<lastmod>2015-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-10218-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-api-amazon-affiliate/no-api-amazon-affiliate-422-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finalist/finalist-all-versions-sql-injection</loc>
<lastmod>2013-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-subscription-widget-for-sendblaster/newsletter-subscription-optin-module-129-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/social-login-and-register-770-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zm-ajax-login-register/zm-ajax-login-register-202-authentication-bypass</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-912-missing-authorization-to-authenticated-subscriber-sql-injecton</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wiredminds-leadlab/leadlab-by-wiredminds-13-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sounder/sounder-internet-radio-streaming-elementor-template-kit-1311-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lizza-lms-pro/lizza-lms-pro-103-unauthenticated-privilege-escalation</loc>
<lastmod>2026-02-18T15:49:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3711-authenticated-contributor-stored-cross-site-scripting-via-stm_lms_courses_grid_display-shortcode</loc>
<lastmod>2026-02-13T18:22:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-github-gist-shortcodes/easy-github-gist-shortcodes-10-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-01-06T20:33:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-order-alert/order-listener-for-woocommerce-361-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-notification/error-notification-027-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-testimonial-widget/wp-testimonial-widget-31-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopwarden/shopwarden-automated-woocommerce-monitoring-testing-1011-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evaluate/evaluate-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-blocks/b-blocks-the-ultimate-block-collection-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orion-sms-otp-verification/orion-sms-otp-verification-117-authentication-bypass-via-account-takeover</loc>
<lastmod>2025-10-14T20:00:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-3101-privilege-escalation</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-for-elementor-723-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editormd/wp-editormd-the-perfect-wordpress-markdown-editor-1021-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-3410-missing-access-control-leading-to-authenticated-subscriber-sensitive-information-disclosure</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-blog-designer/sp-blog-designer-100-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-viewer/library-viewer-206-open-redirect-via-redirect_to</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/log-http-requests/log-http-requests-131-stored-cross-site-scripting</loc>
<lastmod>2022-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luckywp-table-of-contents/luckywp-table-of-contents-214-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virim/virim-04-php-object-injection</loc>
<lastmod>2019-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spnbabble/spnbabble-141-multiple-cross-site-request-forgery</loc>
<lastmod>2014-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-3257-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bitly/bitlys-wordpress-plugin-273-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/async-javascript/async-javascript-2190714-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2020-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ical-feeds/ical-feeds-153-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smoothness-slider-shortcode/smoothness-slider-shortcode-v122-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-ad-staff-employee-directory-search/staff-employee-business-directory-for-active-directory-121-insufficient-escaping-of-stored-ldap-values</loc>
<lastmod>2023-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-266-authenticated-contributor-server-side-request-forgery-in-template_importer</loc>
<lastmod>2023-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-607-authenticated-contributor-php-object-injection</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solidres/solidres-094-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-plugin-301-redirect-manager-73-reflected-cross-site-scripting</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-misconfiguration-that-allows-trigger-of-new-installation</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-adman/new-adman-168-cross-site-request-forgery-via-plugin_menu</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-ai-powered-woocommerce-multivendor-marketplace-solution-build-your-own-amazon-ebay-etsy-502-authenticated-customer-privilege-escalation</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-207-full-path-disclosure</loc>
<lastmod>2007-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-199-missing-authorization-to-unauthenticated-user-token-generation</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-post-type-order/multiple-post-type-order-1100-authenticated-contributor-stored-cross-site-scripting-via-mpto-shortcode</loc>
<lastmod>2025-05-06T13:28:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lawyer-directory/lawyer-directory-133-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-162614-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-by-motopress-2319-arbitrary-users-hashed-passwordemailusername-disclosure</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29928-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-by-realfavicongenerator/favicon-by-realfavicongenerator-1321-reflected-cross-site-scripting</loc>
<lastmod>2021-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-forms-3700-reflected-cross-site-scripting</loc>
<lastmod>2021-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-elearning-and-online-course-solution-for-wordpress-1919-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-15107-authenticated-contributor-sql-injection-via-datapost_ids0</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-190-cross-site-request-forgery</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srs-simple-hits-counter/srs-simple-hits-counter-plugin-for-wordpress-103-104-unauthenticated-sql-injection</loc>
<lastmod>2020-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-management-controller/wp-controller-320-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-menu/float-menu-43-arbitrary-menu-deletion-via-cross-site-request-forgery</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-edit-password-protected/wp-edit-password-protected-134-open-redirect</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-rights-access-manager/user-rights-access-manager-107-access-restriction-bypass</loc>
<lastmod>2021-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qode-wishlist-for-woocommerce/qode-wishlist-for-woocommerce-127-unauthenticated-insecure-direct-object-reference-to-wishlist-update</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-block-slider/super-block-slider-279-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-2119-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-179262-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/almera/almera-responsive-portfolio-site-template-118-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recaptcha-jetpack/recaptcha-jetpack-022-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-209-cross-site-scripting</loc>
<lastmod>2007-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-anti-spam/maspik-spam-blacklist-0106-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.4/wordpress-core-640-641-remote-code-execution-pop-chain</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/fusion-builder-3111-reflected-cross-site-scripting-via-user-register-element</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mighty-builder/mighty-builder-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/total/total-221-authenticated-contributor-stored-cross-site-scripting-via-post-title-in-blog-section-image-alt-attribute</loc>
<lastmod>2026-05-01T20:29:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-233-authenticated-sql-injection</loc>
<lastmod>2020-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apollo13-framework-extensions/apollo13-framework-extensions-193-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-pushover-notifications/easy-digital-downloads-pushover-notifications-128-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onwebchat/live-chat-live-support-310-cross-site-request-forgery</loc>
<lastmod>2020-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clients/clients-114-missing-authorization</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchplus/searchplus-171-missing-authorization-to-unauthenticated-settings-modification-and-deletion-via-searchplus_save_token-searchplus_reset_token-ajax-actions</loc>
<lastmod>2026-06-23T16:38:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-thumbnail-generator/pdf-thumbnail-generator-13-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T20:29:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmp-coming-soon-maintenance/cmp-coming-soon-maintenance-4113-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-blocks/custom-block-builder-lazy-blocks-420-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/albo-pretorio-on-line/albo-pretorio-online-463-reflected-cross-site-scripting</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ismobile/ismobile-111-authenticated-contributor-stored-cross-site-scripting-via-device-parameter</loc>
<lastmod>2025-06-26T16:18:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pay-with-contact-form-7/pay-with-contact-form-7-104-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-list-table/wp-post-list-table-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ask-me/ask-me-681-cross-site-request-forgery</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colormag/colormag-4019-missing-authorization-to-authenticated-subscriber-themegrill-demo-importer-plugin-installation</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-announcement-scroll/news-announcement-scroll-888-authenticated-admininstrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-14164-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure-and-privacy-audit-manipulation</loc>
<lastmod>2026-04-16T13:23:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotham-block-extra-light/gotham-block-extra-light-150-authenticated-contributor-arbitrary-file-read-via-ghostban-shortcode</loc>
<lastmod>2026-01-13T17:17:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediabay-lite/mediabay-16-authenticated-editor-stored-cross-site-scripting-vulnerability</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-business-intelligence-lite/wp-business-intelligence-lite-320-missing-authorization</loc>
<lastmod>2026-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-752-missing-authorization</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-for-wordpress-by-funnelkit-3101-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-wp-mail/ultimate-wp-mail-1017-136-missing-authorization-to-authenticated-contributor-privilege-escalation-via-get_email_log_details-function</loc>
<lastmod>2025-07-15T20:41:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-button/wordpress-social-share-buttons-119-reflected-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-409-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/saveo/saveo-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0973-server-side-request-forgery</loc>
<lastmod>2019-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-message-for-woocommerce/gift-message-for-woocommerce-178-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-elementor/essential-addons-for-elementor-pro-548-unauthenticated-server-side-request-forgery</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sayfa-sayac/sayfa-saya-26-unauthenticated-php-object-injection</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/platform/platform-4-114-cross-site-request-forgery</loc>
<lastmod>2016-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/winston-ai-wp/winston-ai-003-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-deletion</loc>
<lastmod>2026-03-06T11:14:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feather-login-page/feather-login-page-113-cross-site-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-listings/auto-listings-265-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audiomack/audiomack-148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-grid-gallery/video-gallery-vimeo-and-youtube-gallery-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dino-game/dino-game-embed-google-chrome-dinosaur-game-in-wordpress-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:37:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3323-reflected-cross-site-scripting-via-user_ids-parameter</loc>
<lastmod>2025-09-18T16:25:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-core/salient-core-202-reflected-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-256-cross-site-request-forgery-to-arbitrary-log-deletion</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-298-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-fields-to-checkout-page-woocommerce/custom-woocommerce-checkout-fields-editor-134-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-login-woocommerce/otp-login-woocommerce-gravity-forms-22-authentication-bypass-to-privilege-escalation</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1830-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-1292-cross-site-request-forgery-to-remote-code-execution-via-plugin-and-theme-file-editor</loc>
<lastmod>2026-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2021-cross-site-scripting</loc>
<lastmod>2018-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventkoi-lite/event-koi-lite-13131-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-rest-api-endpoints</loc>
<lastmod>2026-06-17T16:08:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-automobile-lite/vw-automobile-lite-212-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-116-missing-authorization-via-save_fields_settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-cross-site-request-forgery-via-categorifyajaxclearcategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ppc-fraud-detctor/ppc-tracker-wordpress-20-stored-cross-site-scripting-via-ip</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optin/wowoptin-next-gen-popup-maker-1429-unauthenticated-server-side-request-forgery-via-link-parameter-in-rest-api</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-307-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-416-authenticated-subscriber-php-object-injection-via-saved-search</loc>
<lastmod>2025-11-26T00:01:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-permalink-translator/wp-permalink-translator-176-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-management-xtended/admin-management-xtended-240-missing-authorization-checks</loc>
<lastmod>2015-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-image-gallery/image-gallery-lightbox-gallery-responsive-photo-gallery-masonry-gallery-145-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mylinksdump/mylinksdump-12-sql-injection</loc>
<lastmod>2010-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opentracker-analytics/opentracker-analytics-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-number-counters/animated-number-counters-21-authenticated-editor-local-file-inclusion</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catablog/catablog-163-reflected-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-271-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-code-authentication/captcha-code-29-captcha-bypass</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-weather-station/weather-station-3811-cross-site-request-forgery</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-map-locations/cm-map-locations-208-reflected-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-308-insecure-direct-object-reference</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailmunch/mailmunch-grow-your-email-list-318-reflected-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-263-unauthenticated-php-object-injection</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-googlebot-visit/simple-googlebot-visit-124-missing-authorization-to-settings-update</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-all-comments/delete-all-comments-20-arbitrary-file-upload</loc>
<lastmod>2016-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modeltheme-addons-for-wpbakery/modeltheme-addons-for-wpbakery-and-elementor-156-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-site-verify/simple-site-verify-107-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-masta/mail-masta-10-sql-injection-via-subscriber_email-parameter</loc>
<lastmod>2017-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-easiest-data-table-builder-5012-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-08-26T18:30:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frictionless/frictionless-0023-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T14:11:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-manager/contact-form-manager-143-cross-site-request-forgery</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/steel/steel-130-authenticated-contributor-stored-cross-site-scripting-via-btn-shortcode</loc>
<lastmod>2024-11-15T15:00:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahathat/ahathat-16-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemagick-engine/imagemagick-engine-175-cross-site-request-forgery-to-remote-command-execution</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/wordpress-meta-data-and-taxonomies-filter-mdtf-133-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxwpbookmark/cbx-bookmark-favorite-201-missing-authorization</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkz-ai/linkzai-118-missing-authorization-to-authenticated-subscriber-plugin-settings-update-via-ajax</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3433-cross-site-request-forgery-to-oauth-service-disconnection</loc>
<lastmod>2021-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybookprogress/mybookprogress-by-stormhill-media-108-authenticated-contributor-stored-cross-site-scripting-via-book-parameter</loc>
<lastmod>2025-01-16T18:23:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/background-control/background-control-105-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-mercadopago/mercado-pago-payments-for-woocommerce-660-cross-site-request-forgery</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-agenda/wp-agenda-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-faq-with-expanding-text/easy-faq-with-expanding-text-32831-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filr-protection/filr-secure-document-library-124-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ciyashop/ciyashop-4180-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-730-sensitive-information-disclosure</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-rating-system/gd-rating-system-36-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-for-wordpress-710-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3192-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-docs/buddypress-docs-223-reflected-cross-site-scripting</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/igumbi-online-booking/igumbi-online-booking-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dazzle/dazzle-100-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmpress/whmpress-62-revision-9-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soccer-live-scores/soccer-live-scores-105-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-64-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery-via-clear_page_cache</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-ajax_deactivate</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-40-javascript-injection</loc>
<lastmod>2014-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-for-elementor-671-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpseo-local/yoast-seo-local-148-reflected-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-premium-wordpress-form-builder-640-reflected-cross-site-scripting</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rehub-theme/rehub-1961-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-login/custom-login-410-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sevenstars/seven-stars-144-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-2175-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-07-01T17:24:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-answers/cm-answers-319-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-71043-reflected-cross-site-scripting</loc>
<lastmod>2019-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-logger/search-logger-09-authenticated-administrator-sql-injection</loc>
<lastmod>2022-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hub2word/easy-embed-for-hubspot-forms-ctas-links-files-add-hubspot-to-wp-search-results-110-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-app-maker/wp-app-maker-10164-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenify/greenify-22-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-572-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5381-cross-site-request-forgery-via-manual-review-reminders</loc>
<lastmod>2023-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-wootable/woocommerce-shop-page-builder-2277-missing-authorization</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activity-link-preview-for-buddypress/wbcom-designs-activity-link-preview-for-buddypress-144-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-secretary/-132-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-11T15:08:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-1915-authenticated-author-sql-injection-via-cg_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-box/fancybox-101-reflected-cross-site-scripting</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-327-unauthenticated-arbitrary-file-copy-via-move_file_to_upload</loc>
<lastmod>2025-12-20T18:43:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-robot/wordpress-video-robot-the-ultimate-video-importer-1200-unauthenticated-sql-injection</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheet2site/sheet2site-1018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rocket/rocket-3194-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-2118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-best-wordpress-survey-plugin-155-reflected-cross-site-scripting</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/druco/druco-152-reflected-cross-site-scripting</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hester-core/hester-core-118-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-prune-posts/auto-prune-posts-200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-logo-carousel/simple-logo-carousel-193-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-06-16T21:35:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-sentinel/wordpress-sentinel-100-cross-site-request-forgery</loc>
<lastmod>2011-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prevent-file-access/prevent-files-folders-access-251-authenticated-administrator-arbitrary-file-upload-in-mo_media_restrict_page</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-388-sql-injection</loc>
<lastmod>2020-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentools/gutentools-113-authenticated-contributor-stored-cross-site-scripting-via-post-slider-block-attributes</loc>
<lastmod>2026-04-21T20:38:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-map/custom-map-11-cross-site-scripting</loc>
<lastmod>2017-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-malware-protection/malware-scanner-472-authenticated-administrator-sql-injection</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/wp-ultimate-exporter-11-reflected-cross-site-scripting</loc>
<lastmod>2016-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailmunch/mailmunch-grow-your-email-list-316-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticket/customer-service-software-support-ticket-system-5120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securimage-wp-fixed/securimage-wp-fixed-354-reflected-cross-site-scripting</loc>
<lastmod>2021-08-11T14:40:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/people-lists/people-lists-1310-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-subtitle-for-woocommerce/product-subtitle-for-woocommerce-139-authenticated-contributor-stored-cross-site-scripting-via-htmltag-parameter</loc>
<lastmod>2025-05-30T18:05:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gt3-photo-video-gallery/photo-gallery-27726-reflected-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/wp-block-and-stop-bad-bots-692-sql-injection</loc>
<lastmod>2022-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-283-missing-authorization</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sudoku-shortcode/sudoku-shortcode-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-post-carousel/multi-post-carousel-by-category-14-authenticated-contributor-stored-cross-site-scripting-via-slides-shortcode-attribute</loc>
<lastmod>2026-03-20T15:20:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biometric-login-for-woocommerce/biometric-login-for-woocommerce-103-unauthenticated-privilege-escalation</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/responsive-plus-starter-templates-advanced-features-and-customizer-settings-for-responsive-theme-314-authenticated-contributor-blind-server-side-request-forgery-via-remote_request</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campaign-url-builder/campaign-url-builder-181-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41038-missing-authorization-to-authenticated-contributor-arbitrary-content-deletion-and-arbitrary-title-update</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/college-publisher-import/college-publisher-import-01-arbitrary-file-upload</loc>
<lastmod>2021-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-widgets/astra-widgets-1216-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmastertoolkit/wpmastertoolkit-2140-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-568-authenticated-contributor-stored-cross-site-scripting-via-bt_bb_button-shortcode</loc>
<lastmod>2026-05-13T18:18:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spell-check/wp-spell-check-92-reflected-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-announcement-scroll/news-announcement-scroll-900-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/democracy-poll/democracy-poll-603-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppageflip/a-page-flip-book-30-directory-traversal</loc>
<lastmod>2012-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gat/gat-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-importer-plus/demo-importer-plus-209-authenticated-author-blind-xml-external-entity-injection-via-svg-file-upload</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-772-authenticated-contributor-open-redirect</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-to-chat/form-to-chat-app-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-filter-posts/post-grid-master-3412-missing-authorization-to-unauthenticated-local-php-file-inclusion</loc>
<lastmod>2025-01-08T22:10:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteground-email-marketing/siteground-email-marketing-175-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-814-unauthenticated-sql-injection</loc>
<lastmod>2023-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indieweb/indieweb-405-authenticated-author-stored-cross-site-scripting-via-telephone-parameter</loc>
<lastmod>2026-01-08T17:50:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uipress-lite/uipress-lite-3508-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:18:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-emoticon-rating/wp-emoticon-rating-101-cross-site-request-forgery-to-reflected-cross-site-scripting-via-emo_settings-parameter</loc>
<lastmod>2026-06-08T15:06:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandcarrental/grand-car-rental-limousine-html-template-37-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/wp-jobsearch-173-stored-cross-site-scripting</loc>
<lastmod>2021-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-shortcode/custom-content-shortcode-401-authenticated-arbitrary-file-access-local-file-inclusion</loc>
<lastmod>2022-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-forms-plugin-for-wordpress-919-missing-authorization-to-unauthenticated-arbitrary-form-entry-modification-via-nf_set_entry_update_id</loc>
<lastmod>2026-03-14T13:14:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-4101-authenticated-code-injection</loc>
<lastmod>2021-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feather-login-page/feather-login-page-107-111-missing-authorization-to-authentication-bypass-and-privilege-escalation</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cta/wordpress-calls-to-action-251-cross-site-scripting</loc>
<lastmod>2015-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-form-wp/comment-form-wp-8211-customize-default-comment-form-200-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamically-display-posts/dynamically-display-posts-11-unauthenticated-sql-injection</loc>
<lastmod>2025-10-14T19:17:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10272-authenticated-contributor-stored-cross-site-scripting-via-colibri_breadcrumb_element-shortcode</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-to-csv/post-to-csv-by-bestwebsoft-131-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-mobile-sitemap/google-xml-sitemap-for-mobile-161-cross-site-request-forgery-via-mobile_sitemap_generate</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-simple-wp-smtp-mail-221-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversador/conversador-261-reflected-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/actionwear-products-sync/actionwear-products-sync-3113-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more-without-refresh/read-more-without-refresh-31-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2020-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-501-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falcon/falcon-wordpress-optimizations-tweaks-283-missing-authorization</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-commerce-min-weight/woo-commerce-minimum-weight-301-cross-site-request-forgery-via-settings-update-form</loc>
<lastmod>2026-05-11T19:07:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogger-importer/blogger-importer-05-cross-site-request-forgery</loc>
<lastmod>2013-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-gateway/float-payment-gateway-119-improper-authorization-to-unauthenticated-order-status-manipulation</loc>
<lastmod>2026-01-13T17:33:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-452-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-4970-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-attempts/limit-attempts-by-bestwebsoft-129-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-440-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-category-image-with-grid-and-slider/post-category-image-with-grid-and-slider-147-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/5star/5-star-10-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2014-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-3735-authenticated-author-arbitrary-file-upload-via-gh_big_file_upload-function</loc>
<lastmod>2025-01-13T20:19:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sangar-slider-lite/sangar-slider-132-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-427-arbitrary-file-deletion</loc>
<lastmod>2020-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hms-testimonials/hms-testimonials-2011-cross-site-scripting</loc>
<lastmod>2013-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-338-authenticated-contributor-stored-cross-site-scripting-via-product-grid-blockuniqid-block-attribute</loc>
<lastmod>2026-05-26T16:17:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1729-cross-site-request-forgery-to-stored-cross-site-scripting-via-saveascopy-ajax-action</loc>
<lastmod>2025-04-15T14:00:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-courses/paid-memberships-pro-courses-for-membership-add-on-123-missing-authorization-to-authenticated-subscriber-course-modifications</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foobox-image-lightbox-premium/lightbox-modal-popup-wordpress-plugin-foobox-free-and-premium-2727-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta-shortcodes/user-meta-shortcodes-05-improper-access-control</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-redirect-manager/premmerce-redirect-manager-109-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/developer-loggers-for-simple-history/developer-loggers-for-simple-history-05-authenticated-admin-local-file-inclusion</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listify/listify-325-cross-site-request-forgery</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-loadsettings-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-last-youtube-video/auto-last-youtube-video-107-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-cross-site-scripting</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-comments-wpz/disable-comments-wpzest-151-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-after-image-upload/auto-post-after-image-upload-16-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mobile-detector/wp-mobile-detector-32-stored-cross-site-scripting</loc>
<lastmod>2015-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-law-info/gdpr-cookie-consent-compliance-notice-182-authenticated-stored-cross-site-scripting-and-authorization-bypass</loc>
<lastmod>2020-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/launcher/launcher-coming-soon-maintenance-mode-1011-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/VirtualAssistant/wp-virtual-assistant-30-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2022-cross-site-request-forgery</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-education-lite/vw-education-lite-220-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkid/linkid-012-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-08T22:07:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-cross-site-request-forgery-via-add_to_wishlist</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-admin-notices/disable-admin-notices-hide-dashboard-notifications-142-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-02-24T20:56:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodlayers-blocks/goodlayers-blocks-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-tweets/inline-tweets-20-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-posts-mp3-player-sharebutton/random-posts-mp3-player-sharebutton-141-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-search/wp-advanced-search-3393-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allada-tshirt-designer-for-woocommerce/allada-t-shirt-designer-for-woocommerce-11-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-242-cross-site-request-forgery</loc>
<lastmod>2014-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-4157-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobhunt-notifications/jobhunt-job-alerts-36-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-721-unauthenticated-arbitrary-shortcode-execution-via-gamipress_do_shortcode-function</loc>
<lastmod>2025-01-21T22:51:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-763-insecure-direct-object-reference-to-comment-rating-increasedecrease</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-and-date-remover/wp-meta-and-date-remover-236-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geeky-bot/geekybot-generate-ai-content-without-prompt-chatbot-and-lead-generation-118-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-13T17:20:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wisly/wisly-100-insecure-direct-object-reference-to-unauthenticated-wishlist-manipulation</loc>
<lastmod>2025-11-10T14:57:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-flipbook-dflip-lite/dearflip-pdf-flipbook-3d-flipbook-pdf-embed-pdf-viewer-2429-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloasso/helloasso-1110-missing-authorization</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expand-maker/read-more-accordion-3551-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide-anything/slide-anything-responsive-content-html-slider-and-carousel-2346-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kahuna/kahuna-170-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-round-robin-lead-distribution/contact-form-7-round-robin-lead-distribution-121-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/js-o3-lite/js-o3-lite-1582-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-wp-google-map/best-wp-google-map-21-authenticated-contributor-stored-cross-site-scripting-via-latitude-shortcode-attribute</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-gutenberg-blocks-for-post-grid-249-unauthorized-access-controls</loc>
<lastmod>2021-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-2794-stored-cross-site-scripting</loc>
<lastmod>2015-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-metrics/social-metrics-22-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-submission-dom-tracking/submission-dom-tracking-for-contact-form-7-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1035-authenticated-contributor-sql-injection-via-merged_question-parameter</loc>
<lastmod>2026-03-23T10:09:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viewmedica/viewmedica-9-1418-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T16:50:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caddy/caddy-197-cross-site-request-forgery</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-6033-stored-cross-site-scripting</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4175-missing-authorization-to-authenticated-subscriber-posts-creation</loc>
<lastmod>2025-05-26T11:27:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-551-missing-authorization-to-user-import</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-download-mirror-counter/download-mirror-counter-11-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-573-reflected-cross-site-scripting</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-447-missing-authorization-on-openai_settings_option_callback</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicewp/slicewp-1118-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-382-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-67064-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-lightbox/wp-jquery-lightbox-154-authenticated-contributor-stored-cross-site-scripting-via-title-attribute</loc>
<lastmod>2024-06-06T15:00:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/step-by-step/step-by-step-045-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mlm/wp-mlm-40-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-add-media-from-url/lh-add-media-from-url-123-reflected-cross-site-scripting</loc>
<lastmod>2024-08-20T17:25:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-488-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-pro/ajax-search-pro-4187-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2020-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knr-author-list-widget/knr-author-list-widget-311-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-352-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmace/gmace-152-authenticatedadmin-directory-traversal</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contacts-manager/wp-contacts-manager-224-unauthenticated-sql-injection</loc>
<lastmod>2022-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-504-cross-site-request-forgery-in-rttpg_spare_me</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-by-wp-academy/clone-245-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-638-secure-custom-fields-6362-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donation-button/donation-button-400-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-express-checkout/wp-express-checkout-228-authenticated-admin-stored-cross-site-scripting-via-pec_couponcode</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-addon-for-beaver-builder/powerpack-lite-for-beaver-builder-1303-authenticated-editor-local-file-inclusion</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-in-page/rss-in-page-291-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-paypal-payments/quick-paypal-payments-5725-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-safe-search/wp-safe-search-07-cross-site-scripting</loc>
<lastmod>2010-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-manager/rss-manager-006-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-130-authenticated-admin-stored-cross-site-scripting-via-task-comments</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-548-cross-site-request-forgery-via-process_bulk_delete_product</loc>
<lastmod>2023-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kbucket/kbucket-your-curated-content-in-wordpress-414-reflected-cross-site-scripting</loc>
<lastmod>2024-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blackcheck/wp-blackcheck-272-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/umich-oidc-login/umich-oidc-login-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:26:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/wp-block-and-stop-bad-bots-crawlers-and-spiders-and-anti-spam-protection-plugin-stopbadbots-660-authenticated-sql-injection</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workreap/workreap-263-insecure-direct-objection-reference-to-private-message-disclosure</loc>
<lastmod>2022-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-filterable-portfolio/awesome-filterable-portfolio-197-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe/iframe-30-reflected-cross-site-scripting</loc>
<lastmod>2015-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-108-139-remote-file-inclusion-via-content-dir</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-price-history/wc-price-history-for-omnibus-213-missing-authorization</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3231-authenticated-contributor-dom-based-stored-cross-site-scripting-via-countup-widget</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-cross-site-request-forgery-to-settings-update-in-disableoptimization</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captivatesync-trade/captivate-sync-303-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truebooker-appointment-booking/truebooker-110-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpecounter/wp-views-counter-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3246-contributor-cross-site-scripting</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-customers-order-history/woocommerce-customers-order-history-522-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-228-authenticated-contributor-stored-cross-site-scripting-via-flickr-widget</loc>
<lastmod>2024-06-10T20:23:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-wordpress-plugin-33714-arbitrary-file-write</loc>
<lastmod>2020-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-customer-support-ticket-helpdesk-plugin-knowledge-base-plugin-174-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-04-04T13:14:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/storely/storely-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:54:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-paypal-payments/quick-paypal-payments-5725-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1372-csv-injection</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joli-table-of-contents/joli-table-of-contents-139-cross-site-request-forgery</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwl-advanced-faq-manager/bwl-advanced-faq-manager-214-missing-authorization-to-authenticated-subscriber-limited-arbitrary-options-update</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-5164-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wu-rating/wu-rating-10-12319-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realty-portal-agent/realty-portal-agent-039-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-rp_user_profile-function</loc>
<lastmod>2025-07-22T14:03:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/minimog/minimogwp-the-high-converting-ecommerce-wordpress-theme-370-unauthenticated-local-php-file-inclusion</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-527-cross-site-request-forgery-in-booking-form-settings-update-to-stored-cross-site-scripting</loc>
<lastmod>2026-03-10T11:29:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-lite-306-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-html-mail/wp-html-mail-291-html-injection</loc>
<lastmod>2019-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-shortcodes/awesome-shortcodes-172-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himer/himer-210-cross-site-request-forgery-to-poll-voting</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-wysiwyg/real-wysiwyg-002-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-books-showcase/wordpress-book-plugin-for-displaying-books-in-grid-flip-slider-popup-layout-and-more-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-fancybox/advanced-fancybox-111-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobwp/jobwp-job-board-job-listing-career-page-and-recruitment-plugin-239-unauthenticated-sql-injection</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-tuner/theme-tuner-08-remote-file-inclusion</loc>
<lastmod>2012-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-119-stored-cross-site-scripting</loc>
<lastmod>2020-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-874-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-buttons/sticky-buttons-322-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-google-calendar/pretty-google-calendar-200-missing-authorization-to-unauthenticated-google-api-key-exposure</loc>
<lastmod>2025-12-19T15:06:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coreactivity/coreactivity-201-ip-spoofing</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-product-addons/product-addons-for-woocommerce-product-options-with-custom-fields-310-authenticated-shop-manager-code-injection-via-conditional-logic-operator-parameter</loc>
<lastmod>2026-02-17T18:40:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-theme-builder/xpro-theme-builder-129-missing-authorization</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-9028-reflected-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popcashnet-code-integration-tool/popcash-code-integration-tool-11-reflected-cross-site-scripting</loc>
<lastmod>2017-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-165-cross-site-scripting-via-s-parameter</loc>
<lastmod>2020-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-761-information-exposure</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-my-locations/map-my-locations-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-17T16:20:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-sources/dx-sources-201-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-05-04T14:06:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fabrica-reusable-block-instances/fabrica-synced-pattern-instances-108-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1531-authenticated-subscriber-information-disclosure</loc>
<lastmod>2026-05-12T15:29:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-3011-missing-authorization-to-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-511-authentication-bypass-to-administrator</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manage-user-columns/manage-user-columns-105-cross-site-request-forgery</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2328-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-redirect-manager/premmerce-redirect-manager-1011-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-339-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-613-sql-injection</loc>
<lastmod>2016-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latex2html/latex2html-255-reflected-cross-site-scripting</loc>
<lastmod>2024-12-20T20:38:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buy-one-click-woocommerce/buy-one-click-woocommerce-229-missing-authorization-to-authenticated-subscriber-settings-import</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/wordpress-meta-data-and-taxonomies-filter-mdtf-1332-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-presentation/3d-presentation-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging/wp-staging-wordpress-backup-plugin-free-312-and-pro-512-sensitive-information-exposure</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-template-conditions-modification</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar-event/event-calendar-146-missing-authorization-to-event-modification</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aimogen-pro/aimogen-pro-275-unauthenticated-privilege-escalation-via-arbitrary-function-call</loc>
<lastmod>2026-03-19T15:13:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cibeles-ai/cibeles-ai-1108-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-11-25T09:39:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vi-include-post-by/vi-include-post-by-04200706-authenticated-contributor-stored-cross-site-scripting-via-class_container-shortcode-attribute</loc>
<lastmod>2026-04-14T19:45:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thinkit-wp-contact-form/thinkit-wp-contact-form-03-cross-site-request-forgery</loc>
<lastmod>2013-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/albumreviewer/album-reviewer-202-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-access-areas/access-areas-1519-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1411-arbitrary-file-upload</loc>
<lastmod>2014-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b2bking-wholesale-for-woocommerce/b2bking-4600-missing-authorization-to-authenticatedsubscriber-price-modification</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lingotek-translation/ray-enterprise-translation-170-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proofreading/proofreading-1211-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T18:27:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-limit-login/wps-limit-login-1461-cross-site-request-forgery</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator-pro/duplicator-157-and-duplicator-pro-45142-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-pages/legal-pages-137-missing-authorization-on-deletelegaltemplate</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infocob-crm-forms/infocob-crm-forms-240-authenticated-editor-arbitrary-file-download</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-woocommerce-quickbooks/integration-for-woocommerce-and-quickbooks-131-cross-site-request-forgery</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/architecturer/architecturer-395-reflected-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-129-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-kingcomposer/premium-addons-for-kingcomposer-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-sidebar/subscribe-sidebar-plugin-by-blubrry-131-reflected-cross-site-scripting</loc>
<lastmod>2020-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sw_ajax_woocommerce_search/sw-ajax-woocommerce-search-126-reflected-cross-site-scripting</loc>
<lastmod>2020-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledgebase/knowledge-base-231-authenticated-administrator-stored-cross-site-scripting-via-plugin-slug</loc>
<lastmod>2025-07-17T11:39:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stars-testimonials-with-slider-and-masonry-grid/stars-testimonials-331-authenticated-contributor-stored-cross-site-scripting-via-stars_testimonials-shortcode</loc>
<lastmod>2024-09-30T19:04:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/deans-fckeditor-100-arbitrary-file-upload</loc>
<lastmod>2012-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletter-lite-492-authenticated-admin-command-injection</loc>
<lastmod>2023-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorized-gallery/categorized-gallery-plugin-20-authenticated-contributor-sql-injection</loc>
<lastmod>2025-02-18T19:22:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-2190-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-store-locator/ajax-store-locator-12-arbitrary-file-download</loc>
<lastmod>2014-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4014-cross-site-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-side-data-storage-for-contact-form-7/admin-side-data-storage-for-contact-form-7-111-cross-site-request-forgery</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-top-bar/custom-top-bar-202-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-generator-for-wp/pdf-generator-for-wordpress-111-reflected-cross-site-scripting</loc>
<lastmod>2023-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-6421-authenticated-author-insecure-direct-object-reference</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-woocommerce-csv-loader/ultimate-woocommerce-csv-importer-20-reflected-cross-site-scripting</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-code-manager/header-footer-code-manager-1116-reflected-cross-site-scripting</loc>
<lastmod>2022-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-topbar/wp-topbar-304-cross-site-scripting</loc>
<lastmod>2013-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-2210-cross-site-scripting</loc>
<lastmod>2015-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-builder/app-builder-create-native-android-ios-apps-on-the-flight-433-unauthenticated-limited-sql-injection-via-app-builder-search</loc>
<lastmod>2024-08-20T17:24:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-specific-content/user-specific-content-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember/armember-premium-592-missing-authorization</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-cf7-connector/contact-form-7-connector-122-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uber-grid/wordpress-portfolio-builder-portfolio-gallery-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/classic/classic-15-cross-site-scripting</loc>
<lastmod>2007-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/typing-text/typing-text-127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphina-elementor-charts-and-graphs/graphina-311-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3164-authenticated-contributor-stored-cross-site-scripting-via-get_inline_svg</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-5617-reflected-cross-site-scripting-via-page</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folder-gallery/folder-gallery-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T19:50:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-543-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-10web/seo-by-10web-129-reflected-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cosmosfarm-share-buttons/-by-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-capture/wordpress-email-marketing-plugin-wp-email-capture-310-information-exposure-via-wp_email_capture_options_process</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lock-your-updates/lock-your-updates-11-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/DA10/dating-1120-cross-site-request-forgery</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zoxpress/zoxpress-the-all-in-one-wordpress-news-theme-2120-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-top-bar/mc4wp-mailchimp-top-bar-160-reflected-cross-site-scripting</loc>
<lastmod>2024-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21030-authenticated-contributor-stored-cross-site-scripting-via-form-widget-addr2_width-attribute</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-173-unauthenticated-arbitrary-file-deletion-triggered-via-administrator-submission-deletion</loc>
<lastmod>2025-07-08T17:20:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snapshot-backup/snapshot-backup-211-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/malware-finder/malware-finder-11-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-members/team-members-535-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T13:33:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-field-editor-pro/checkout-field-editor-for-woocommerce-pro-362-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revampcrm-woocommerce/revamp-crm-for-woocommerce-112-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-radio/wp-radio-worldwide-online-radio-stations-directory-for-wordpress-319-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favorites/favorites-234-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/theron-lite/theron-lite-20-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-06-27T20:13:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mini-course-generator/mini-course-generator-embed-mini-courses-and-interactive-content-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-20T14:52:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-imagezoom/wp-imagezoom-110-reflected-cross-site-scripting</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-a-complete-recruitment-system-for-company-or-job-board-website-225-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3293-authenticated-contributor-stored-cross-site-scripting-via-wpdm_modal_login_form-shortcode</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcode-content-ratio/wpcode-content-ratio-20-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-754-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-post-deletion-in-listing_task</loc>
<lastmod>2023-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-352-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghactivity/ghactivity-200-alpha-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rocket-wp-mobile/mobile-plugin-133-reflected-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-cookies/flexible-cookies-118-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1151-authenticated-administrator-stored-cross-site-scripting-via-manage-bookings</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-forms-pdf-extended/gravity-pdf-630-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-3326-sensitive-information-exposure-via-csv-files</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3270-insufficient-authorization-to-information-disclosure</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themedy-toolbox/themedy-toolbox-1016-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jm-twitter-cards/jm-twitter-cards-14-information-exposure-via-meta-description</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flot/wp-flot-022-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:31:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodlayers-core/goodlayers-core-217-authenticated-contributor-privilege-escalation</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2518-sql-injection</loc>
<lastmod>2018-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmp-coming-soon-maintenance/cmp-coming-soon-maintenance-plugin-4018-unauthenticated-arbitrary-css-update</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-207-authenticated-contributor-sql-injection-via-filter_search-parameter</loc>
<lastmod>2026-05-13T14:22:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-chessboard/embed-chessboard-30700-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-3712-authenticated-vendor-sql-injection</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popping-content-light/popping-content-light-24-reflected-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-breadcrumb/catch-breadcrumb-154-reflected-cross-site-scripting</loc>
<lastmod>2020-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-autosearch/wp-autocomplete-search-104-unauthenticated-sql-injection</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-using-contact-form-7/user-registration-using-contact-form-7-25-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-food-menu-woocommerce-food-ordering-food-delivery-pickup-and-restaurant-reservation-214-cross-site-scripting</loc>
<lastmod>2022-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-product-table-for-woocommerce/free-woocommerce-product-table-view-178-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15121-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-all-in-one-appointment-booking-system-appointment-scheduling-booking-calendar-woocommerce-bookings-1127-missing-payment-verification-to-unauthenticated-payment-bypass</loc>
<lastmod>2025-11-10T22:39:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41031-authenticated-contributor-stored-cross-site-scripting-via-fancy-text-widget</loc>
<lastmod>2024-05-30T17:20:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-load-more/simple-load-more-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-brasil-para-woocommerce/paypal-brasil-para-woocommerce-142-cross-site-request-forgery</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-bookmarking-light/wp-social-bookmarking-light-1710-cross-site-scripting</loc>
<lastmod>2015-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qyrr-code/qyrr-simply-and-modern-qr-code-creation-07-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-wave-google-places-reviews/review-wave-google-places-reviews-147-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-youtube-videos-as-wp-post/import-youtube-videos-as-wp-posts-21-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-blog-card/simple-blog-card-237-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fade-in-text-news/wp-fade-in-text-news-120-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/octrace-support/wordpress-helpdesk-support-ticket-system-plugin-octrace-support-127-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wm-jqmath/wm-jqmath-13-authenticated-contributor-stored-cross-site-scripting-via-style-shortcode-attribute</loc>
<lastmod>2026-04-14T19:46:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/wordpress-contact-forms-by-cimatti-154-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daisycon/daisycon-prijsvergelijkers-484-authenticated-contributor-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yellow-pencil-visual-theme-customizer/visual-css-style-editor-720-unauthenticated-arbitrary-options-update</loc>
<lastmod>2019-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkz-ai/linkzai-118-missing-authorization-to-unauthenticated-plugin-settings-update</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneclick-whatsapp-order/oneclick-chat-to-order-109-missing-authorization-to-authenticated-editor-plugin-settings-update</loc>
<lastmod>2026-02-18T16:05:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flowfact-wp-connector/flowfact-wp-connector-218-reflected-cross-site-scripting</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-store-locator/wp-store-locator-22261-authenticated-contributor-stored-cross-site-scripting-via-wpsl_address-post-meta</loc>
<lastmod>2026-04-22T14:42:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-453-unauthenticated-open-redirect</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wechat-subscribers-lite/wechat-subscribers-lite-166-reflected-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-missing-authorization-in-deletecssandjscachetoolbar</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexa-blocks/nexa-blocks-111-unauthenticated-blind-server-side-request-forgery-via-demo_json_file-parameter</loc>
<lastmod>2026-05-19T12:03:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/echo-knowledge-base/echo-knowledge-base-documentation-faqs-ai-chat-ai-search-160110-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2110-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-20T14:20:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-chat/click-to-chat-wp-support-all-in-one-floating-widget-233-authenticated-contributor-stored-cross-site-scripting-via-wpsaio_snapchat-shortcode</loc>
<lastmod>2024-10-17T19:22:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charity-addon-for-elementor/charity-addon-for-elementor-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotham-block-extra-light/gotham-block-extra-light-150-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-01-13T17:17:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-auto-update/companion-auto-update-392-authenticated-administrator-stored-cross-site-scripting-via-update_delay_days-parameter</loc>
<lastmod>2025-07-14T20:39:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-326-reflected-cross-site-scripting</loc>
<lastmod>2013-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcomplete/wpcomplete-2954-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-164-unauthenticated-sql-injection</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders/folders-30-and-folders-pro-302-directory-traversal-via-handle_folders_file_upload</loc>
<lastmod>2024-06-13T15:33:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-257-php-object-injection</loc>
<lastmod>2016-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wphotfiles/hot-files-file-sharing-and-download-manager-plugin-100-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessally/accessally-356-information-exposure</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copysafe-web/copysafe-web-protection-315-reflected-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode-site-under-construction/wp-maintenance-mode-site-under-construction-182-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-edit/wp-edit-404-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3221-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pliska/pliska-035-authenticated-contributor-stored-cross-site-scripting-via-author-display-name</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basepress-migration-tools/basepress-migration-tools-100-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agp-font-awesome-collection/agp-font-awesome-collection-324-reflected-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinmonster/popup-builder-by-optinmonster-wordpress-popups-for-optins-email-newsletters-and-lead-generation-2161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T16:30:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search/better-search-421-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-11-22T13:00:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-wp-rating-system-334-cross-site-request-forgery</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search/better-search-330-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-148-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-elementor-forms/pdf-for-elementor-forms-drag-and-drop-template-builder-620-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-1104-cross-site-scripting</loc>
<lastmod>2018-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-membership/micropayments-324-reflected-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbrutalai/wp-brutal-ai-200-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math-pro/rank-math-seo-pro-3035-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects/image-hover-effects-54-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2711-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-snow-effect/snow-effect-1115-missing-authorization</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table/easy-table-152-authenticated-stored-cross-site-scripting-via-easy-table-test-area-parameter</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21116-authenticated-editor-php-object-injection</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/machic-core/machic-core-126-reflected-cross-site-scripting</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-vertical-timeline/simple-vertical-timeline-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-798-authenticated-author-php-file-creation-to-remote-code-execution</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-5165-authenticated-sql-injection</loc>
<lastmod>2021-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-live/wp-youtube-live-182-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-33211-sql-injection</loc>
<lastmod>2019-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-tweet/click-to-tweet-2014-reflected-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripadvisor-shortcode/tripadvisor-shortcode-22-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wavesurfer-wp/wavesurfer-wp-283-authenticated-contributor-stored-cross-site-scripting-via-src-shortcode-attribute</loc>
<lastmod>2026-02-05T18:34:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-security-aios-security-and-firewall-525-reflected-cross-site-scripting</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weight-based-shipping-for-woocommerce/woocommerce-weight-based-shipping-541-cross-site-request-forgery-leading-to-plugin-settings-changes</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/option-tree/option-tree-272-object-injection-bypass</loc>
<lastmod>2019-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitytime/wp-sessions-time-monitoring-full-automatic-108-unauthenticated-sql-injection</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/timetics-1046-incorrect-authorization-to-authenticated-timetics-customer-user-creation</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colormix/colormix-all-versions-multiple-vulnerabilities</loc>
<lastmod>2013-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-menu-manager/advanced-menu-manager-306-authenticated-subscriber-menu-creationdeletion</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/contact-forms-by-cimatti-154-reflected-cross-site-scripting-via-form-field-id-edit-fid-id-name-type-description-parameters</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-wordpress-migration-plugin-147-unauthenticated-backup-download</loc>
<lastmod>2022-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oopspam-anti-spam/oopspam-anti-spam-spam-protection-for-wordpress-forms-comments-no-captcha-1253-unauthenticated-ip-header-spoofing</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishsuite/wishsuite-134-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-42412-unuathenticated-remote-code-execution</loc>
<lastmod>2025-01-07T18:43:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/easybook/cththemes-citybook-theme-234-townhub-theme-106-easybook-theme-122-cross-site-scripting</loc>
<lastmod>2019-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raygun4wp/raygun4wp-182-cross-site-scripting</loc>
<lastmod>2017-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-2102-cross-site-request-forgery</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onelogin-saml-sso/onelogin-saml-sso-242-use-of-vulnerable-component</loc>
<lastmod>2016-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-282-arbitrary-file-overwrite</loc>
<lastmod>2014-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-343-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-gallery/flickr-gallery-152-unauthenticated-php-object-injection</loc>
<lastmod>2017-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms/piotnet-forms-1030-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-520-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rest-api-to-miniprogram/rest-api-to-miniprogram-471-unauthenticated-arbitrary-user-email-update-and-privilege-escalation-via-account-takeover</loc>
<lastmod>2024-09-24T12:22:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-comments/disable-comments-remove-comments-stop-spam-multi-site-support-104-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wassup/wassup-real-time-analytics-1945-unauthenticated-stored-cross-site-scripting-via-ip</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clariti/clariti-121-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thumbnail-for-excerpts/thumbnail-for-excerpts-21-cross-site-request-forgery</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-better-search/acf-better-search-330-cross-site-request-forgery</loc>
<lastmod>2019-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketing-optimizer/marketing-optimizer-20200925-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-image-manipulator/simple-image-manipulator-10-remote-file-download</loc>
<lastmod>2015-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyber-new-slider/cyber-slider-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/childhope/childhope-118-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1315-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-site-editing/wordpresscom-editing-toolkit-378784-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-405-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-4131-4152-authenticated-sql-injection</loc>
<lastmod>2021-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-theme-6101-and-jupiterx-core-plugin-207-authenticated-privilege-escalation</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockspare/blockspare-324-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-259-unauthenticated-php-object-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-1918-cross-site-request-forgery</loc>
<lastmod>2016-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newscrunch/newscrunch-184-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-security-headers/gd-security-headers-17-authenticated-admin-sql-injection</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-609-authenticated-subscriber-server-side-request-forgery-via-attachment_id</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-602-authenticated-contributor-stored-cross-site-scripting-via-use-of-the_meta-function</loc>
<lastmod>2022-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-258-cross-site-request-forgery-via-plugin-options-update</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ratemyagent-official/ratemyagent-official-140-cross-site-request-forgery-to-api-key-update</loc>
<lastmod>2025-02-27T16:15:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advanced-shipment-tracking/advanced-shipment-tracking-for-woocommerce-352-cross-site-request-forgery-via-paginate_shipping_provider_list-and-filter_shipping_provider_list</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-compliance/gdpr-compliance-125-authenticated-subscriber-information-exposure</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-blacklist-cloud/ip-blacklist-cloud-343-directory-traversal</loc>
<lastmod>2015-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpml/wpml-461-cross-site-scripting</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/allegiant/allegiant-127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-kick-integration/streamweasels-kick-integration-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwp-google-xml-sitemaps/better-wordpress-google-xml-sitemaps-141-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-200-missing-authorization-to-settings-update</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-ai-powered-woocommerce-multivendor-marketplace-solution-build-your-own-amazon-ebay-etsy-424-missing-authorization</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ace-post-type-builder/ace-post-type-builder-19-missing-authorization-to-authenticated-subscriber-arbitrary-custom-taxonomy-deletion-via-taxonomy-parameter</loc>
<lastmod>2025-11-24T19:07:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twwc-protein/tww-protein-calculator-1024-authenticated-administrator-stored-cross-site-scripting-via-header-setting</loc>
<lastmod>2025-12-11T14:33:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popular-posts-by-webline/popular-posts-by-webline-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-videos/video-gallery-241-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T14:36:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode/lightstart-maintenance-mode-coming-soon-and-landing-page-builder-268-missing-authorization</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-autokeyword/wp-autokeyword-10-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-addredirectrule-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forumwp/forumwp-forum-discussion-board-plugin-202-insecure-direct-object-reference-to-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2024-09-06T01:21:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/user-registration-202-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-map-pro-lite/image-map-pro-drag-and-drop-builder-for-interactive-images-lite-100-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-for-ultimate-member/video-photo-gallery-for-ultimate-member-111-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wanium/wanium-198-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sweet-energy-efficiency/sweet-energy-efficiency-108-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stencies/stencies-058-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-mirror/content-mirror-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-254-missing-authorization</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-3014-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/scape/scape-1513-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-labels/advanced-woo-labels-236-authenticated-admin-remote-code-execution</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addressbook/addressbook-113-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quickswish/quickswish-109-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-messaging-sms-notification-for-wordpress-woocommerce-gravityforms-etc-549-reflected-cross-site-scripting</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-page/coming-soon-and-maintenance-mode-352-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-225-authenticated-editor-directory-traversal</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipe-card-blocks-by-wpzoom/recipe-card-blocks-for-gutenberg-elementor-331-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kids-online-store/kids-online-store-089-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-175-reflected-cross-site-scripting</loc>
<lastmod>2014-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transfinanz/transfinanz-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-311-remote-code-execution</loc>
<lastmod>2014-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-sub-pages/list-subpages-106-authenticated-contributor-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2025-08-28T15:44:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-286-reflected-cross-site-scripting</loc>
<lastmod>2014-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cz-loan-management/cz-loan-management-11-unauthenticated-sql-injection</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenwallet-gateway/woocommerce-green-wallet-gateway-101-reflected-cross-site-scripting</loc>
<lastmod>2022-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelligence/intelligence-140-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-26T13:05:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-1635-authenticated-contributor-stored-cross-site-scripting-via-site-title-widget</loc>
<lastmod>2024-06-12T17:22:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2j-slideshow/slideshow-image-slider-by-2j-1354-reflected-cross-site-scripting</loc>
<lastmod>2022-05-04T07:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-portfolio/designthemes-portfolio-13-reflected-cross-site-scripting</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ewww-image-optimizer/ewww-image-optimizer-201-reflected-cross-site-scripting</loc>
<lastmod>2014-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/hotel-booking-228-cross-site-request-forgery</loc>
<lastmod>2025-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-attachments/zip-attachments-15-directory-traversal</loc>
<lastmod>2015-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-for-bike-car-resort-appointment-dress-equipment-271-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-165-cross-site-scripting-via-method</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscription-with-secure-captcha/easy-email-subscription-13-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-11-11T21:45:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vcos/vcos-140-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addons/woocommerce-product-add-ons-613-cross-site-request-forgery</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-357-unprotected-rest-api-to-email-injection</loc>
<lastmod>2021-09-22T15:21:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-display/team-builder-13-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-for-woocommerce/fibosearch-1170-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amen/amen-331-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-window/modal-window-614-cross-site-request-forgery-to-settings-ipdate</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-addon-for-elementor/events-addon-for-elementor-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftcontroller/shiftcontroller-employee-shift-scheduling-4925-reflected-cross-site-scripting-via-query-string</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oliver-pos/oliver-pos-a-woocommerce-point-of-sale-pos-2421-missing-authorization</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-attachments/wp-attachments-505-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/use-any-font/use-any-font-6308-cross-site-request-forgery</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-362-unauthenticated-information-exposure</loc>
<lastmod>2026-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nanocare/nanocare-122-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qzzr-shortcode/qzzr-shortcode-plugin-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-30T14:01:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addonskit-for-elementor/directorist-addonskit-for-elementor-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-169-reflected-cross-site-scripting</loc>
<lastmod>2015-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-611-missing-authorization</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-902-unauthenticated-html-injection</loc>
<lastmod>2024-10-14T17:07:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.4/wordpress-core-44-brute-force-password-recovery-tokens</loc>
<lastmod>2015-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-wp-affiliate-plugin-with-amazon-370-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T21:34:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirection/redirection-228-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-caldera-forms/caldera-forms-google-sheets-connector-13-cross-site-request-forgery</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sneeit-framework/sneeit-framework-83-unauthenticated-remote-code-execution-in-sneeit_articles_pagination_callback</loc>
<lastmod>2025-11-24T14:03:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-exec_admin_widget-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navigation-tree-elementor/navigation-tree-elementor-101-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-facebook-events/import-social-events-185-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-688-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-draft-list/draft-list-262-authenticated-contributor-stored-cross-site-scripting-via-display_name-parameter</loc>
<lastmod>2026-03-18T18:13:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sumome/sumo-134-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember/armember-premium-731-unauthenticated-sql-injection-via-order-parameter</loc>
<lastmod>2026-06-02T05:30:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/wp-all-import-pro-497-cross-site-request-forgery-to-imported-content-deletion</loc>
<lastmod>2025-02-07T03:06:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foobox-image-lightbox/lightbox-modal-popup-wordpress-plugin-foobox-2734-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-07-07T16:14:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unify/unify-349-missing-authorization-to-unauthenticated-option-deletion-via-unify_plugin_downgrade-parameter</loc>
<lastmod>2026-01-06T19:46:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3225-authenticated-contributor-stored-cross-site-scripting-via-testimonial-widget</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9300-authenticated-student-account-takeover-and-privilege-escalation</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-testimonials-showcase/simple-testimonials-showcase-116-cross-site-request-forgery</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4240-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aspose-importer-exporter/aspose-importer-exporter-discontinued-30-arbitrary-file-download</loc>
<lastmod>2015-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-cross-site-scripting-via-shortcodes</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/almera/almera-responsive-portfolio-site-template-2015-05-15-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reloadly-topup-widget/reloadly-201-cross-site-request-forgery</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdeepl/deepl-pro-api-translation-2411-cross-site-request-forgery-via-wpdeepl_prune_logs</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hummingbird-performance/hummingbird-331-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/credit-tracker/credit-tracker-1117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-downloader/media-downloader-0475-reflected-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-491-unauthenticated-sql-injection-via-location_id-parameter</loc>
<lastmod>2026-03-10T17:22:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-244-missing-authorization</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybooktable/mybooktable-bookstore-340-cross-site-request-forgery</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/book-press/bookpress-for-book-authors-127-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-share-buttons/easy-social-share-buttons-145-reflected-cross-site-scripting</loc>
<lastmod>2024-10-09T13:32:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-pdf-viewer/embed-pdf-viewer-244-authenticated-contributor-stored-cross-site-scripting-via-height-and-width-parameters</loc>
<lastmod>2024-10-08T18:54:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3103-authenticated-contributor-stored-cross-site-scripting-via-author-meta-widget</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/planmyday/plan-my-day-1113-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-catalogue/simple-catalogue-102-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-fancybox/firelight-lightbox-2316-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-crm/houzez-crm-147-missing-authorization</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-for-wordpress-1349-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-10T08:52:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avirato-calendar/avirato-hotels-online-booking-engine-505-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-1911-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-lyrics-karaoke-player/html5-lyrics-karaoke-player-24-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-385-authenticated-editor-remote-code-execution</loc>
<lastmod>2026-05-26T17:32:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-pinterest/bestwebsofts-pinterest-104-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-history/simple-history-581-authenticated-administrator-sensitive-information-exposure-via-detective-mode</loc>
<lastmod>2025-06-05T21:58:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extended-post-status/extended-post-status-1019-missing-authorization-via-wp_insert_post_data</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1341-captcha-bypass</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-29211-unauthenticated-arbitrary-file-upload-via-legacy-chunked-upload</loc>
<lastmod>2025-11-17T14:26:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tradingview/wp-tradingview-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/ip2location-country-blocker-2388-missing-authorization-to-unauthenticated-information-exposure-via-admin_init-function</loc>
<lastmod>2025-02-21T19:56:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allow-html-in-category-descriptions/allow-html-in-category-descriptions-124-authenticated-administrator-stored-cross-site-scripting-via-category-descriptions</loc>
<lastmod>2026-02-13T18:18:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eg-attachments/eg-attachments-213-reflected-cross-site-scripting-via-paged</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plainview-protect-passwords/plainview-protect-passwords-14-reflected-cross-site-scripting</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-embedder/pdf-embedder-464-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/use-memcached/use-memcached-105-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-gallery/portfolio-gallery-210-reflected-cross-site-scripting</loc>
<lastmod>2016-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordlift/wordlift-3371-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-quality-control-tool/code-quality-control-tool-21-unauthenticated-information-exposure-via-log-files</loc>
<lastmod>2025-10-10T20:31:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-556-cross-site-request-forgery</loc>
<lastmod>2023-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-redirection-manager/404-seo-redirection-13-cross-site-request-forgery</loc>
<lastmod>2021-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-categories-or-products-on-shop-page/hide-categories-or-products-on-shop-page-107-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-04T16:29:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webemailprotector/email-address-security-by-webemailprotector-336-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-broken-links-checker-extension/mainwp-broken-link-checker-40-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-152-authenticated-subscriber-sql-injection-via-id-parameter</loc>
<lastmod>2025-02-13T22:13:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-exporter-for-woocommerce/stock-exporter-for-woocommerce-110-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-118-stored-cross-site-scripting</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/are-you-robot-recaptcha/are-you-robot-google-recaptcha-for-wordpress-22-reflected-cross-site-scripting</loc>
<lastmod>2025-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artplacer-widget/artplacer-widget-22292-authenticated-contributor-sql-injection</loc>
<lastmod>2025-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-background/custom-background-32267929-arbitrary-file-upload</loc>
<lastmod>2014-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kama-clic-counter/kama-click-counter-403-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sitemap-page/wp-sitemap-page-166-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-checkout-getnet/plugin-oficial-getnet-para-woocommerce-173-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcast-subscribe-buttons/podcast-subscribe-buttons-142-stored-cross-site-scripting</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-me-now/bulk-me-now-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentforms-pdf/pdf-generator-for-fluent-forms-117-cross-site-scripting</loc>
<lastmod>2024-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-donation-shortcode/paypal-donation-shortcode-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T14:54:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pagseguro-payments/wp-pagseguro-payments-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3131-missing-authorization-to-settings-update</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-fan-page-widget/fan-page-widget-by-themencode-20-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jalbum-bridge/jalbum-bridge-2018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smash/smash-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-live-chat-for-wordpress-buddypress-peepso-ultimate-member-buddyboss-274-unauthenticated-limited-server-side-request-forgery-in-nice_links</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-909-cross-site-request-forgery-to-import-delete</loc>
<lastmod>2025-03-24T18:00:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-best-addons-for-elementor-free-143-authenticated-admin-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-wp-stats/kento-wordpress-stats-11-reflected-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkedin-auto-publish/wp-to-linkedin-auto-publish-198-reflected-cross-site-scripting-via-postmessage</loc>
<lastmod>2025-12-12T15:28:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-153-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-05-14T10:06:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quillforms/quill-forms-330-missing-authorization</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-4014-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-product-labels-for-woocommerce/product-labels-for-woocommerce-sale-badges-1510-authenticated-admin-sql-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-685-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialsnap/social-snap-135-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-1620-cross-site-request-forgery-to-email-address-updateaccount-takeover</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wizit-gateway-for-woocommerce/wizit-gateway-for-woocommerce-129-missing-authentication-to-unauthenticated-arbitrary-order-cancellation</loc>
<lastmod>2026-01-23T19:23:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-210-missing-authorization</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-authenticated-subscriber-limited-arbitrary-file-download</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-1278-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ciyashop/ciyashop-multipurpose-woocommerce-theme-4190-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sticky-side-buttons/wp-sticky-side-buttons-21-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-of-goods-for-woocommerce/cost-of-goods-for-woocommerce-370-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/circle-image-slider-with-lightbox/team-circle-image-slider-with-lightbox-10-cross-site-request-forgery</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-wordpress-website-builder-1257-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-03-30T16:30:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flagged-content/flagged-content-102-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5952-authenticated-subscriber-full-path-disclosure</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-javascript-toolbox/css-javascript-toolbox-1203-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1091-cross-site-request-forgery</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/crafti/crafti-handmade-store-wordpress-theme-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-9012-cross-site-request-forgery</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-sendinblue-3160-reflected-cross-site-scripting-via-lang</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardealerpress/cardealerpress-68250500-authenticated-contributor-stored-cross-site-scripting-via-saleclass-parameter</loc>
<lastmod>2025-05-06T13:29:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/honeypot-for-wp-comment/honeypot-for-wp-comment-223-directory-traversal-to-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-bookings-wp/getbookingswp-appointments-bookings-plugin-basic-version-1127-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-02-17T15:46:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-515-unauthenticated-missing-authorization-to-admin-approval-bypass-via-action-parameter</loc>
<lastmod>2026-05-13T19:52:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nexos/nexos-real-estate-wordpress-theme-17-sql-injection</loc>
<lastmod>2020-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datepicker/wp-datepicker-214-reflected-cross-site-scripting</loc>
<lastmod>2024-12-23T20:08:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zlick-paywall/zlick-paywall-222-cross-site-request-forgery</loc>
<lastmod>2021-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.4/wordpress-core-541-private-post-disclosure</loc>
<lastmod>2020-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-elementor-269-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1323-reflected-cross-site-scripting-via-date</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-booking/wp-booking-244-authenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-business-directory-and-classified-ad-listing-3626-missing-authorization</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustmate-io-integration-for-woocommerce/trustmateio-integration-for-woocommerce-1812-authenticated-subscriber-arbitrary-settings-update</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-eway/woocommerce-eway-gateway-350-insecure-direct-object-reference</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/court-reservation/court-reservation-1108-reflected-cross-site-scripting</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-for-woocommerce/affiliate-for-woocommerce-premium-470-authenticated-insecure-direct-object-reference</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/last-viewed-posts/last-viewed-posts-by-wpbeginner-100-unauthenticated-php-object-injection</loc>
<lastmod>2024-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/absolute-privacy/absolute-privacy-205-authentication-bypass</loc>
<lastmod>2011-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/wp-travel-1013-authenticated-author-sql-injection</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/splash-header/splash-header-1208-stored-cross-site-scripting</loc>
<lastmod>2021-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-713-unauthenticated-stored-cross-site-scripting-via-value-parameter</loc>
<lastmod>2026-06-23T13:57:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-slideshow-pro/portfolio-slideshow-pro-30-sql-injection</loc>
<lastmod>2013-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-shopping-video-streams/live-shopping-shoppable-videos-for-woocommerce-220-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-vouchers/woocommerce-pdf-vouchers-493-authentication-bypass-to-voucher-vendor</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-like-button/wp-like-button-160-missing-authorization</loc>
<lastmod>2019-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mambo-joomla-importer/mambo-importer-10-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-02-21T15:00:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-217-unauthenticated-authorization-bypass-to-arbitrary-order-completion-via-stripe-webhook-endpoint</loc>
<lastmod>2026-04-07T17:55:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-10-modules-all-in-one-solution-formerly-woolentor-281-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows/cartflows-223-missing-authorization</loc>
<lastmod>2026-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-634-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5300-cross-site-request-forgery</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-200-reflected-cross-site-scripting-via-login_url-parameter</loc>
<lastmod>2025-05-23T15:53:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-banners/custom-banners-21-cross-site-scripting</loc>
<lastmod>2014-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-linkcard/pz-linkcard-252-cross-site-request-forgery-via-page_cacheman</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-326-authenticated-contributor-stored-cross-site-scripting-via-mla_tag_cloud-and-mla_term_list-shortcodes</loc>
<lastmod>2025-07-15T20:30:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-fortnox-integration/woocommerce-fortnox-integration-456-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdeslon-affiliate-shop/gdeslon-affiliate-shop-155-open-redirect</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/event-manager-703-reflected-cross-site-scripting-via-calendar_header-parameter</loc>
<lastmod>2025-07-09T09:58:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-734-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1328-authenticated-admin-sql-injection</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-manager/popup-manager-166-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reglevel/reglevel-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-17T14:02:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/platformly/platformly-official-113-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-2014-2015-sql-injection</loc>
<lastmod>2015-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1521-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-ticket/support-ticket-19-unauthenticated-privilege-escalation</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-manager/contact-manager-864-unauthenticated-arbitrary-double-file-extension-upload</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/punnel-landing-page-builder/punnel-131-missing-authorization-to-authenticated-subscriber-settings-update-via-punnel_save_config-ajax-action</loc>
<lastmod>2026-03-20T15:09:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-394-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-638-reflected-cross-site-scripting</loc>
<lastmod>2014-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-button-for-elementor/download-button-for-elementor-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wh-testimonials/wh-testimonials-300-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-list-shortcode/custom-post-type-list-shortcode-144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-schema/wordpress-review-structure-data-schema-plugin-review-schema-2114-missing-authorization-to-arbitrary-review-update</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-slider/accordion-slider-1913-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wa11y/wa11y-the-web-accessibility-toolbox-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-132-reflected-cross-site-scripting-via-pointsf</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-manager-for-enamad/logo-manager-for-enamad-070-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-form7-email-spam-blocker/wp-contact-form7-email-spam-blocker-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-24T18:41:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document/document-block-upload-embed-docs-110-missing-authorization</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mpdf/wp-mpdf-391-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/export-any-wordpress-data-to-xmlcsv-141-wp-all-export-pro-186-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-390-sql-injection</loc>
<lastmod>2015-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwd-elementor-addons/bwd-elementor-addons-4320-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-directory/simple-link-directory-845-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-12T19:48:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-531-authenticated-contributor-server-side-request-forgery-via-fifu_input_url</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-upload-files-during-checkout/easy-upload-files-during-checkout-300-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logdash-activity-log/logdash-activity-log-113-unauthenticated-sql-injection</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-20-cross-site-scripting</loc>
<lastmod>2018-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-7624-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugins-on-steroids/eazy-plugin-manager-430-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-with-ticket-scanner/event-tickets-with-ticket-scanner-231-reflected-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-search/wordpress-wp-advanced-search-333-unauthenticated-database-export</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/indoor-plants/indoor-plants-127-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-sniff/browser-sniff-23-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-19T18:22:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-all-currencies/all-currencies-for-woocommerce-244-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flashlight/flashlight-284-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-extra-field/comment-extra-fields-17-reflected-cross-site-scripting</loc>
<lastmod>2013-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alt-monitoring/alt-monitoring-103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-svg-images/wp-svg-images-33-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-media-file/sell-media-file-with-stripe-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-topbar/wp-topbar-536-authenticated-administrator-sql-injection</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20219-reflected-cross-site-scripting</loc>
<lastmod>2022-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio8-html5-radio_ads/shout-353-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/replace-default-words/replace-default-words-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lettuce/lettuce-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-generation/button-generator-easily-button-builder-238-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cwd-stealth-links/cwd-stealth-links-13-unauthenticated-sql-injection</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/wp-delicious-191-missing-authorization</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-the-chatbot-ai-framework-mcp-for-wordpress-349-authenticated-editor-privilege-escalation</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smdp-affiliate-platform/affiliate-platform-148-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2217-authenticated-teacher-sql-injection</loc>
<lastmod>2025-03-14T14:22:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accept-stripe-payments-using-contact-form-7/accept-stripe-payments-using-contact-form-7-30-unauthenticated-information-exposure</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docollipics-faustball-de/tabellen-von-faustballcom-204-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-cf7-connector/contact-form-7-connector-122-cross-site-request-forgery</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-generation/wp-wand-unlimited-content-generation-using-ai-for-openai-claude-openrouter-and-deepseek-1307-missing-authorization</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ptoffice-sign-ups/pt-sign-ups-104-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-uk-regional-map/interactive-uk-regional-map-20-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amount-left-free-shipping-woocommerce/free-shipping-bar-amount-left-for-free-shipping-for-woocommerce-246-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/builder-style-manager/ithemes-builder-style-manager-077-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotjar/wp-hotjar-003-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-alert/login-alert-021-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate-pro/shortcodes-ultimate-pro-714-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bizcalendar-web/bizcalendar-web-11025-reflected-cross-site-scripting-via-tab</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3bubble-amazon-s3-audio-streaming/s3bubble-cloud-video-with-adverts-and-analytics-48-arbitrary-file-download</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-social-photos-gallery-post-feed-like-box-654-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-polls/wp-polls-2772-unauthenticated-sql-injection-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-21T14:08:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-compliance/gdpr-cookie-compliance-4158-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/4ecps-webforms/4ecps-web-forms-0218-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-and-notification/booking-calendar-and-notification-403-authentication-bypass</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-ck/carousel-ck-110-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-control/responsive-block-control-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-estes-edition/ltl-freight-quotes-estes-edition-337-unauthenticated-sql-injection</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-programmmanager/wp-pmanager-12-cross-site-request-forgery-to-category-deletion</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invite-anyone/invite-anyone-1318-php-object-injection</loc>
<lastmod>2017-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-core/bbp-core-141-missing-authorization</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-woocommerce-infinite-scroll/woocommerce-infinite-scroll-162-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traveler-layout-essential-for-elementor/traveler-layout-essential-for-elementor-14-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-widget/rss-feed-widget-299-authenticated-contributor-stored-cross-site-scripting-via-rfw-youtube-videos-shortcode</loc>
<lastmod>2024-10-17T21:09:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/th-shop-mania/th-shop-mania-149-authenticated-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11543-authenticated-adminsitrator-sql-injection-via-groupids-parameter</loc>
<lastmod>2026-06-17T16:13:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-shopping-cart-706-missing-authorization</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagopar-woocommerce-gateway/pagopar-8211-woocommerce-gateway-271-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-mobile-and-web-app/push-notification-for-mobile-and-web-app-203-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-support/fluent-support-180-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-best-poll-plugin-for-wordpress-134-missing-authorization</loc>
<lastmod>2020-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-best-help-desk-support-plugin-205-cross-site-request-forgery</loc>
<lastmod>2018-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nirvana/nirvana-26-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1600-authenticated-contributor-stored-cross-site-scripting-via-siteorigin_widget-shortcode</loc>
<lastmod>2024-05-21T19:57:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-deletecachetoolbar</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-post-template/wp-custom-post-template-10-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-294-missing-authorization-to-authenticated-contributor-global-preset-modification</loc>
<lastmod>2025-12-01T18:42:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3562-missing-authorization</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-flash-embed/easy-flash-embed-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgnwrks-twitter-importer/dsgnwrks-twitter-importer-114-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boxberry/-boxberry-232-missing-authorization</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bravada/bravada-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-role-editor/user-role-editor-424-authenticated-privilege-escalation</loc>
<lastmod>2016-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-logo-showcase/logo-slider-and-showcase-1336-settings-update</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cww-portfolio/cww-portfolio-131-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neon/neon-bootstrap-admin-theme-20-cross-site-scripting</loc>
<lastmod>2019-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classic-addons-wpbakery-page-builder-addons/classic-addons-wpbakery-page-builder-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-634-author-stored-cross-site-scripting</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plezi/plezi-103-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluet-keywords-tooltip-generator/tooltipy-51-cross-site-request-forgery</loc>
<lastmod>2018-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3-rotating-words/dynamic-word-spinner-css3-animated-rotation-56-cross-site-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-to-sugarcrm-lead/web-to-sugarcrm-lead-100-cross-site-request-forgery-to-custom-field-deletion</loc>
<lastmod>2025-12-20T14:22:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-154-missing-authorization</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-401-cross-site-request-forgery-to-authentication-takeover</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nifty-backups/nifty-backups-108-reflected-cross-site-scripting</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversiosio-691-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-forminator/gsheetconnector-for-forminator-forms-1012-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-107-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-511-sql-injection</loc>
<lastmod>2014-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1578-stored-cross-site-scripting-via-uploaded-svg</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1128-authenticated-accounting-manager-sql-injection</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-flexible-shortcodes/meks-flexible-shortcodes-134-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tockify-events-calendar/tockify-events-calendar-2213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery-with-slideshow/image-gallery-with-slideshow-plugin-152-stored-cross-site-scripting</loc>
<lastmod>2017-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surbma-font-awesome/surbma-font-awesome-30-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pro-mime-types/pro-mime-types-107-cross-site-request-forgery</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/indeed-membership-pro-127-reflected-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-skins/contact-form-7-skins-250-reflected-cross-site-scripting</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0974-authenticated-admin-phar-deserialization</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laposta-signup-basic/laposta-signup-basic-141-missing-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-google-cloud-print-gcp-woocommerce/bizprint-454-cross-site-request-forgery-to-cross-site-scripting-via-processphp</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booknetic/booknetic-485-missing-authorization</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-173-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yandex-pinger/yandex-site-search-pinger-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-elementor-addons-1410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/google-maps-9047-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1838-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-addon-for-elementor/events-addon-for-elementor-212-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-16927-authenticated-contributor-sql-injection</loc>
<lastmod>2026-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-dynamics-365-crm/integrate-dynamics-365-crm-109-missing-authorization</loc>
<lastmod>2025-10-03T14:18:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshchat/freshchat-234-cross-site-request-forgery</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20230901-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emarksheet/online-marksheet-creator-emarksheet-543-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vertical-image-slider/wordpress-vertical-image-slider-plugin-12-cross-site-request-forgery</loc>
<lastmod>2015-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-control-powered-by-everyblock/widget-control-powered-by-everyblock-101-reflected-cross-site-scripting</loc>
<lastmod>2014-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-manager/broken-link-manager-050-sql-injection</loc>
<lastmod>2015-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/readme-creator/readme-creator-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-widget/accessibility-widget-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/out-of-stock-badge/out-of-stock-badge-131-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletin-announcements/announcement-notification-banner-bulletin-370-cross-site-request-forgery</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mm-breaking-news/mm-breaking-news-079-reflected-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/sms-6912-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cars-seller-auto-classifieds-script/car-seller-auto-classifieds-script-210-unauthenticated-sql-injection</loc>
<lastmod>2021-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antihacker/disable-json-api-login-lockdown-xmlrpc-pingback-stop-user-enumeration-anti-hacker-scan-452-missing-authorization-to-authenticated-subscriber-table-truncation</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-152-reflected-cross-site-scripting</loc>
<lastmod>2020-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/motor/motor-cars-parts-service-equipments-and-accessories-woocommerce-store-310-local-file-inclusion</loc>
<lastmod>2021-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamtube-core/streamtube-core-478-unauthenticated-arbitrary-user-password-change</loc>
<lastmod>2025-11-29T12:14:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-paypal-payments/quick-paypal-payments-5725-missing-authorization</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mind3dom-ryebread-widgets/mind3dom-ryebread-widgets-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/wp-ultimate-review-225-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-259-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapster-wp-maps/mapster-wp-maps-150-incorrect-authorization-to-authenticated-contributor-arbitrary-options-update</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-scroll-slideshow-gallery-v2/vertical-scroll-slideshow-gallery-v2-91-authenticated-contributor-sql-injection</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-378-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eldon/eldon-artist-portfolio-wordpress-theme-141-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/iloveit/i-love-it-24-multiple-vulnerabilities</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-247-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastdup/fastdup-217-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-replacer/word-replacer-04-authenticated-administrator-stored-cross-site-scripting-via-replacement-parameter</loc>
<lastmod>2026-06-01T19:45:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-factory/shortcode-factory-27-local-file-inclusion</loc>
<lastmod>2019-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-counter/simple-download-counter-222-authenticated-administrator-arbitrary-file-read-via-path-traversal</loc>
<lastmod>2025-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-css/instant-css-114-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-and-swipe-slider/responsive-and-swipe-slider-102-authenticated-editor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-12-19T15:07:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/tagdiv-composer-35-unauthorized-account-access-and-privilege-escalation</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hl-twitter/hl-twitter-2014118-cross-site-request-forgery-to-twitter-account-unlink</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getcontentfromurl/getcontentfromurl-10-authenticated-contributor-server-side-request-forgery-via-url-shortcode-attribute</loc>
<lastmod>2026-01-13T17:19:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invoicing/payment-forms-buy-now-buttons-and-invoicing-system-getpaid-2849-unauthenticated-information-exposure</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-282-unauthenticated-sql-injection-via-js-support-ticket-token-tkstatus-cookie</loc>
<lastmod>2026-03-03T20:36:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-369-missing-authorization-to-unauthenticated-payment-status-bypass</loc>
<lastmod>2026-01-15T20:25:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-themer/beaver-themer-149-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-607-cross-site-request-forgery</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/takeout/takeout-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dtabs/dtabs-14-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultraaddons-elementor-lite/ultraaddons-elementor-lite-200-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/x-addons-elementor/x-addons-for-elementor-1023-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-183-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2431-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahmeti-wp-guzel-sozler/ahmeti-wp-gzel-szler-40-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-article-monetization-by-magenet/website-article-monetization-by-magenet-1011-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-share-vod/video-share-vod-turnkey-video-site-builder-script-2630-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-latest-posts/latest-posts-by-bestwebsoft-03-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-lottie-player/lottie-player-118-authenticated-author-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2025-04-23T19:57:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-0510-arbitrary-backup-creation-and-download</loc>
<lastmod>2015-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocommerce-currency-switcher-137-reflected-cross-site-scripting</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/corner-ad/corner-ad-1053-reflected-cross-site-scripting</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eyewear-prescription-form/eyewear-prescription-form-601-missing-authorization-to-unauthenticated-arbitrary-woocommerce-category-deletion</loc>
<lastmod>2025-12-12T16:04:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export/export-any-wordpress-data-to-xmlcsv-134-authenticated-sql-injection</loc>
<lastmod>2022-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-custom-admin/simple-custom-admin-12-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastbots-ai-chatbots/fastbots-1012-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-05-11T20:37:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/area53/area53-105-arbitrary-file-upload</loc>
<lastmod>2013-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masy-gallery/masy-gallery-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:54:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12115-authentication-bypass</loc>
<lastmod>2020-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weekly-class/events-schedule-wordpress-events-calendar-272-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crony/crony-cronjob-manager-047-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gallery-exporter/wordpress-gallery-exporter-13-authenticated-administrator-arbitrary-file-download</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobwp/jobwp-239-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/launchpad-by-obox/launchpad-coming-soon-maintenance-mode-plugin-1013-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiplayer-plugin/multiplayer-games-37-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protected-posts-logout-button/protected-posts-logout-button-145-missing-authorization-on-pplb_options_save</loc>
<lastmod>2023-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/save-life/save-life-1213-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-accessibility/accessibility-suite-by-ability-inc-420-authenticated-subscriber-sql-injection-via-scan_id-parameter</loc>
<lastmod>2026-04-15T16:46:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ssv-events/ssv-events-327-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-7602-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-059-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-30-506-cross-site-scripting</loc>
<lastmod>2014-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-optimizer/easy-wp-optimizer-110-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-paytm-pay/paytm-donation-plugin-132-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-banner/simple-banner-2103-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-portal/client-portal-private-user-pages-and-login-118-cross-site-request-forgery-via-cp_create_private_pages_for_all_users-function</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-338-unauthenticated-privilege-escalation</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpblast/wp-blast-seo-performance-booster-186-cross-site-request-forgery-to-cache-clearing</loc>
<lastmod>2025-09-09T17:58:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/septera/septera-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-1063-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-google-analytics-dashboard-for-wordpress-422-authorization-bypass</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-widget/content-blocks-custom-post-widget-330-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-configurator/login-configurator-21-reflected-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-cleaner/lws-cleaner-230-cross-site-request-forgery</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmandrill/wpmandrill-133-missing-authorization-via-getajaxstats</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms/constant-contact-forms-202-missing-authorization-via-constant_contact_privacy_ajax_handler</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basic-google-maps-placemarks/basic-google-maps-placemarks-1107-missing-authorization-to-unauthenticated-default-map-coordinate-update</loc>
<lastmod>2026-04-15T16:47:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-11402-cross-site-request-forgery</loc>
<lastmod>2019-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/occupancyplan/occupancyplan-1030-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-rss/flickrrss-531-cross-site-scripting-via-flickrrss_tags</loc>
<lastmod>2018-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/professional-contact-form/professional-contact-form-100-cross-site-request-forgery-to-test-email-sending</loc>
<lastmod>2025-09-26T18:37:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/compress-66028-missing-authorization</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/online-scheduling-and-appointment-booking-system-bookly-272-unauthenticated-stored-cross-site-scripting-via-bookly-customer-full-name-cookie</loc>
<lastmod>2026-06-12T22:03:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cozy-addons/cozy-blocks-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-2181-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-easy-form-builder-for-wordpress-contact-forms-payment-forms-surveys-more-1987-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-certificate-creator/gift-certificate-creator-10-stored-cross-site-scripting</loc>
<lastmod>2017-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3633-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery-pro/contest-gallery-pro-2901-unauthenticated-privilege-escalation</loc>
<lastmod>2026-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kingler/kingler-17-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Lead-Octopus-Power/lead-octopus-power-111-sql-injection</loc>
<lastmod>2014-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-179-authenticatedadministrator-stored-cross-site-scripting-via-headerfooter-code</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-628-unauthenticated-payment-amount-manipulation-via-item_meta-parameter</loc>
<lastmod>2026-03-12T19:24:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-275-unauthenticated-sql-injection</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recommend-a-friend/recommend-to-a-friend-222-cross-site-scripting</loc>
<lastmod>2013-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteseo/siteseo-seo-simplified-127-authenticated-contributor-stored-cross-site-scripting-via-broken-regex-expression</loc>
<lastmod>2025-08-26T10:21:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beacon-for-helpscout/beacon-for-help-scout-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-shortcode/schema-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-03-20T15:18:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-shell/php-shell-all-versions-backdoor</loc>
<lastmod>2008-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-311-remote-code-execution</loc>
<lastmod>2014-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-banner/sticky-banner-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-and-scrollable-text/dropdown-and-scrollable-text-20-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snipe-nginx-cache/cache-sniper-for-nginx-1042-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-2072-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-03-03T20:06:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-551-authenticated-agent-privilege-escalation-to-administrator-via-idor-in-osorderscontrollercreate_or_update-unauthenticated-customer-cabinet-password-reset</loc>
<lastmod>2026-06-15T20:57:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloudflare/cloudflare-1321-cross-site-scripting</loc>
<lastmod>2016-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-table/table-of-content-1531-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-security-txt/generate-securitytxt-1012-missing-authorization-to-authenticated-subscriber-securitytxt-deletion-via-delete_securitytxt-ajax-action</loc>
<lastmod>2026-06-23T16:40:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-323-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-instagram-feed/wd-instagram-feed-130-cross-site-scripting</loc>
<lastmod>2018-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/text-to-speech-tts/text-to-speech-tts-by-mementor-198-use-of-hardcoded-password-to-unauthenticated-remote-database-access</loc>
<lastmod>2026-04-03T22:10:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ownid-passwordless-login/ownid-passwordless-login-134-authentication-bypass</loc>
<lastmod>2025-10-14T19:34:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-external-links/wp-no-external-links-102-authenticated-administrator-stored-cross-site-scritping</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-24-reflected-cross-site-scripting</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-1081-unauthenticated-open-redirect</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-ticker/stock-ticker-3234-authenticated-contributor-stored-cross-site-scritping</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3163-unauthenticated-php-object-injection-to-remote-code-execution</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2662-missing-authorization-check-on-core-functionality</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/optimizepress/optimizepress-16-arbitrary-file-upload</loc>
<lastmod>2013-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3234-sensitive-information-disclosure</loc>
<lastmod>2022-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mz-mindbody-api/mz-mindbody-api-282-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-for-elementor/blog-designer-for-elementor-post-slider-post-carousel-post-grid-117-cross-site-request-forgery</loc>
<lastmod>2025-09-10T18:55:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-65-authenticated-admin-sql-injection-to-reflected-cross-site-scripting</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown_with_background/countdown-with-image-or-video-background-15-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-accessible-event-ticketing-211-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-gdpr-compliance/gdpr-ccpa-compliance-cookie-consent-banner-270-missing-authorization-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-sync-for-woocommerce/stock-sync-for-woocommerce-232-missing-authorization</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventin-pro/wordpress-event-manager-event-calendar-and-booking-plugin-4024-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sales-report-for-woocommerce/berocket-plugins-various-versions-missing-authorization</loc>
<lastmod>2022-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-testimonials-showcase/simple-testimonials-showcase-116-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-209-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows/cartflows-11111-insecure-direct-object-reference-to-arbitrary-post-deletion</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-804-unauthenticated-iframe-injection-via-paragraph-and-short-answer</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vnpay-for-woocommerce/vnpay-for-woocommerce-100-reflected-cross-site-scripting</loc>
<lastmod>2025-10-23T19:56:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vdz-google-analytics/vdz-google-analytics-or-google-tag-manager-gtm-155-stored-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acme-fix-images/acme-fix-images-100-missing-authorization-via-acme_fix_images_ajax_callback</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-formerly-woof-1342-unauthenticated-sql-injection-via-search-terms</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-webfonts-local/omgf-453-unauthenticated-path-traversal-in-rest-api</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lead-capture/lead-capturing-pages-25-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-classic-20263-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-visual-sitemap/wp-visual-sitemap-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-poster/fs-poster-658-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/theissue/the-issue-1611-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freetobook-responsive-widget/freetobook-responsive-widget-11-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bpcustomerio/buddypress-customerio-analytics-integration-116-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpeventplus/wordpress-events-calendar-registration-tickets-260-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockart-blocks/blockart-blocks-gutenberg-blocks-page-builder-blocks-wordpress-block-plugin-sections-template-library-2213-authenticated-contributor-stored-cross-site-scripting-via-timestamp-attribute</loc>
<lastmod>2025-12-01T11:37:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kama-clic-counter/kama-click-counter-404-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conveythis-translate/conveythis-2704-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-1203-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-form/adfo-custom-data-in-admin-dashboard-191-authenticated-admin-php-object-injection</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitetweet-tweets-user-behaviors-on-your-site-on-twitter/sitetweet-02-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailing-group/mailing-group-listserv-209-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opt-in-hound/easy-wordpress-subscribe-optin-hound-143-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-by-supsystic/photo-gallery-by-supsystic-188-cross-site-request-forgery</loc>
<lastmod>2016-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-customize-login-page/mp-customize-login-page-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-23T16:37:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-vendors/yith-woocommerce-multi-vendor-380-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shorten-url/short-url-168-cross-site-request-forgery-via-configuration_page</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20245-unauthenticated-settings-update</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dreamgrow-scroll-triggered-box/scroll-triggered-box-23-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmash/newsmash-1034-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-contact-form/quick-contact-form-8031-cross-site-request-forgery-to-sensitive-information-disclosure</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-pipelines/ai-content-pipelines-16-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-04T13:14:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-upload-files/woocommerce-upload-files-843-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-114-authenticatedadministrator-blind-server-side-request-forgery-via-check_url</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2031-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/classiera/classiera-4034-unauthenticated-sql-injection</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-home-page-menu/wp-home-page-menu-31-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-upload-files-anywhere/upload-files-anywhere-28-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-766-reflected-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-6210-authenticated-contributor-arbitrary-custom-field-access</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multi-step-checkout/multi-step-checkout-for-woocommerce-233-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pre-orders/woocommerce-pre-orders-190-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fantastic-content-protector-free/fantastic-content-protector-free-26-missing-authorization-via-update_setting_fantastic_content_protector</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/squaretype/squaretype-modern-blog-wordpress-theme-304-authorization-bypass</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wt-woocommerce-wishlist/wishlist-for-woocommerce-212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minhnhut-link-gateway/minhnhut-link-gateway-361-authenticated-admin-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-05-26T20:48:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-basic-3834-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2024-07-08T19:39:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-best-wordpress-popup-plugin-378-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-bulk-product-editing/yith-plugins-by-yithemes-various-versions-missing-authorization</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-admin-bar-improved/wordpress-admin-bar-improved-335-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-490-authenticated-author-stored-cross-site-scripting-via-logo-slider-shortcode</loc>
<lastmod>2026-03-20T15:20:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-for-wordpress-formerly-visual-composer-473-multiple-cross-site-scripting-issues</loc>
<lastmod>2015-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-shipping-address-woocommerce/multiple-shipping-address-woocommerce-20-unauthenticated-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-the-ultimate-woocommerce-multivendor-marketplace-solution-424-cross-site-request-forgery-to-vendor-updates</loc>
<lastmod>2024-10-23T19:21:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/democracy-poll/democracy-poll-536-cross-site-request-forgery</loc>
<lastmod>2017-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171020-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-rss-reader/silencesoft-rss-reader-06-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/full-frame/full-frame-272-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-filter/blog-filter-153-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-530-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-2145-cross-site-scripting</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-2102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mayosis-core/mayosis-core-541-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-04-24T20:29:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-bank/gallery-bank-wordpress-photo-gallery-plugin-3070-reflected-cross-site-scripting</loc>
<lastmod>2014-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-better-emails/wp-better-emails-04-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager/wp-job-manager-1312-php-object-injection-via-phar-deserialization</loc>
<lastmod>2019-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-backup/database-backup-and-check-tables-automated-with-scheduler-2024-232-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2024-12-23T21:07:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayer/wp-prayer-196-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion/fusion-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-addon/astra-pro-431-authenticatedcontributor-remote-code-execution-via-metabox</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-search-powered-by-solr/sunny-search-102-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/webstack/webstack-12024-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-04-14T14:52:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uicore-elements/uicore-elements-1313-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-3525-sql-injection-reflected-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/f4-improvements/f4-improvements-190-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-20T13:40:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-196-unauthenticated-remote-code-execution</loc>
<lastmod>2024-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-accessibility-helper/wp-accessibility-helper-wah-0624-missing-authorization-via-ajax-action</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orderable/orderable-1200-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2026-02-18T15:44:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-3132-missing-authorization</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtranslate/translate-wordpress-with-gtranslate-2810-open-redirect</loc>
<lastmod>2017-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dofollow-case-by-case/dofollow-case-by-case-351-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register-social-site/pie-register-social-sites-login-add-on-177-authentication-bypass</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-672-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-12150-missing-authorization</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-after-email/download-after-email-219-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-4131-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-social-login/wordpress-social-login-304-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-services-booking/fat-services-booking-56-unauthenticated-sql-injection</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-collection/quotes-collection-252-authenticated-admin-sql-injection</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-admin-notification-center/hide-admin-notices-admin-notification-center-232-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-sendgrid/smtp-for-sendgrid-yaysmtp-14-unauthenticated-stored-cross-site-scripting-via-email-logs</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smartmag-responsive-retina-wordpress-magazine/smartmag-1010-unauthenticated-sensitive-information-exposure-via-log-files</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preload-current-images/preload-current-images-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T14:59:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-smtp/fluentsmtp-200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iws-geo-form-fields/iws-geo-form-fields-10-unauthenticated-sql-injection</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wayne-audio-player/wayne-audio-player-10-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-elementor-addons/wpzoom-addons-for-elementor-starter-templates-widgets-132-unauthenticated-protected-post-exposure-via-ajax_post_grid_load_more</loc>
<lastmod>2026-02-10T21:12:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safe-ai-malware-protection-for-wp/safe-ai-malware-protection-for-wp-1020-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dexs-pm-system/dexs-pm-system-101-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2013-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-content/private-content-8115-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-roller-scroller/fancy-roller-scroller-140-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatwee/chat-by-chatwee-213-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-09-29T15:21:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swipe-hq-checkout-for-eshop/eshop-swipe-plugin-370-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-login-customizer/wp-login-customizer-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hiweb-migration-simple/hiweb-migration-simple-2001-reflected-cross-site-scripting</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-anti-spam/maspik-256-cross-site-request-forgery</loc>
<lastmod>2025-09-09T17:27:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-wordpress-directory-listing-theme-261-sensitive-information-disclosure</loc>
<lastmod>2020-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/range-slider-addon-for-gravity-forms/range-slider-addon-for-gravity-forms-116-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acknowledgify/acknowledgify-113-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-342-unauthenticated-server-side-request-forgery</loc>
<lastmod>2023-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-17154-authenticated-contributor-html-injection</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-wordpress-file-upload-pro-4162-authenticated-contributor-path-traversal</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-7312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brave-popup-builder/brave-083-missing-authorization</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/first-order-discount-woocommerce/first-order-discount-woocommerce-121-cross-site-request-forgery</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1238-missing-authorization</loc>
<lastmod>2026-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-list/page-list-56-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-link-remove/comment-link-remove-and-other-comment-tools-214-arbitrary-comment-deletion-via-cross-site-request-forgery</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youmax-channel-embeds-for-youtube-businesses/youtube-video-grid-youmax-19-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/etsy-importer/etsy-importer-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:41:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ali2woo-lite/ali2woo-lite-336-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-rechnungsverwaltung/pdf-rechnungsverwaltung-001-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multi-store-locator/wp-multi-store-locator-249-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/restaurante/restaurante-307-reflected-cross-site-scripting</loc>
<lastmod>2025-08-10T02:02:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kangu/kangu-para-woocommerce-2210-reflected-cross-site-scripting</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-pack-for-elementor/musicians-pack-for-elementor-1841-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ave-core/ave-core-291-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-25-social-icons/download-top-25-social-icons-31-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-share-vod/video-share-vod-turnkey-video-site-builder-script-276-cross-site-request-forgery-to-command-injection</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache-premium/wp-fastest-cache-premium-174-missing-authorization-to-authenticated-subscriber-blind-server-side-request-forgery</loc>
<lastmod>2025-12-11T19:17:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-5164-authenticated-arbitrary-file-upload-leading-to-remote-code-execution</loc>
<lastmod>2021-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portable-phpmyadmin/portable-phpmyadmin-141-information-disclosure</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-for-paypal/checkout-for-paypal-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-561-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metronet-tag-manager/metronet-tag-manager-129-cross-site-request-forgery</loc>
<lastmod>2018-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-forum-61011-reflected-cross-site-scripting</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ps-phpcaptcha/ps-phpcaptcha-110-authenticated-denial-of-service</loc>
<lastmod>2019-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vgw-metis/vg-wort-metis-200-missing-authorization-to-authenticated-subscriber-limited-settings-update</loc>
<lastmod>2025-06-25T14:05:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33101-authenticated-subscriber-limited-privilege-escalation</loc>
<lastmod>2024-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-slider/wp-contact-slider-247-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-pix-for-givewp/payment-gateway-pix-for-givewp-223-missing-authorization</loc>
<lastmod>2026-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopkeeper-extender/shopkeeper-extender-36-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-domain/multiple-domain-102-cross-site-scripting</loc>
<lastmod>2020-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaky-paywall/leaky-paywall-4208-missing-authorization-to-price-manipulation</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-any-document/embed-any-document-embed-pdf-word-powerpoint-and-excel-files-275-authenticated-contributor-blind-server-side-request-forgery-via-embeddoc-shortcode</loc>
<lastmod>2025-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-1145-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-29T21:08:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-store-locator/store-locator-22260-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hrm/wp-human-resource-management-plugin-226-authorization-bypass</loc>
<lastmod>2019-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osmapper/osmapper-215-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-360-reflected-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-262-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-2212-reflected-cross-site-scripting</loc>
<lastmod>2024-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-customer-for-woocommerce/add-customer-for-woocommerce-17-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bannerize-pro/wp-bannerize-pro-190-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wovax-idx/wovax-idx-122-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font/font-75-path-traversal</loc>
<lastmod>2015-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-player/floating-video-player-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giga-messenger-bots/giga-messenger-express-231-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/active-directory-integration/active-directory-integration-118-authenticated-admin-sql-injection</loc>
<lastmod>2017-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moneytheme/moneytheme-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-519-authenticated-author-arbitrary-file-download</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3012-authenticated-sql-injection</loc>
<lastmod>2018-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-151-unauthenticated-sql-injection-via-usertoken</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-10402-privilege-escalation-via-unprotected-rest-api-endpoint</loc>
<lastmod>2020-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta/user-meta-user-profile-builder-and-user-management-plugin-243-path-traversal</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-4871-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-421-sensitive-information-exposure</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addonify-quick-view/addonify-204-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-postratings/wp-postratings-189-race-condition</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-facebook-comments/wp-social-comments-173-missing-authorization-via-wpfc_allow_comments</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-fedex-edition/small-package-quotes-for-customers-of-fedex-431-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-db/contact-form-to-db-by-bestwebsoft-170-authenticated-contributor-sql-injection-via-cntctfrmtdb_department</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-430-authenticated-admin-sql-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-user-switching/fast-user-switching-1410-cross-site-request-forgery</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-all-comments-in-one-page/show-all-comments-700-reflected-cross-site-scripting</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-data-table/responsive-data-table-13-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-testimonials/testimonials-by-bestwebsoft-018-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rabbit-loader/rabbitloader-website-speed-optimization-for-improving-core-web-vital-metrics-with-cache-image-optimization-and-more-2210-reflected-cross-site-scripting</loc>
<lastmod>2024-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-352-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-links/wp-affiliate-links-011-reflected-cross-site-scripting</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sendfox/wp-sendfox-131-unauthenticated-information-disclosure</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-options-favicons/extra-options-favicons-110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.8 beta 2/wordpress-core-58-beta-stored-cross-site-scripting-in-custom-html-block</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-gtin-ean-upc-isbn-for-woocommerce/product-gtin-ean-upc-isbn-for-woocommerce-111-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-2512-authorization-bypass</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capa/capa-protect-0582-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-unauthenticated-php-object-injection</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hc-custom-wp-admin-url/hc-custom-wp-admin-url-14-missing-authorization-to-login-url-change</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toast-stick-anything/sticky-anything-215-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-simple-wp-smtp-mail-22-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-enhancement/catchthemes-plugins-various-versions-missing-authorization</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-1333-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nofollow-links/nofollow-links-1010-cross-site-scripting</loc>
<lastmod>2016-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-plugin-3211-cross-site-request-forgery</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-registration-and-profile-form-builder-frontend-editor-buddyforms-easy-wordpress-forms-269-cross-site-scripting</loc>
<lastmod>2022-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-1101-authenticated-bricks-page-builder-access-stored-cross-site-scripting</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1524-authenticated-local-file-inclusion</loc>
<lastmod>2019-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-trackback-disabler/simple-trackback-disabler-14-cross-site-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2111-reflected-cross-site-scripting-via-filter-parameters</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2123-authenticated-editor-php-object-injection</loc>
<lastmod>2024-08-23T18:53:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-reviews-shortcode/builder-for-woocommerce-reviews-shortcodes-reviewshort-1015-missing-authorization</loc>
<lastmod>2024-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2518-cross-site-scripting</loc>
<lastmod>2018-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3950-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-meta/socialninja-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-audit-exporter/content-audit-exporter-11-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eco-nature/eco-nature-environment-ecology-wordpress-theme-204-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-for-wordpress-3325-cross-site-request-forgery</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-blocks/wp-travel-gutenberg-blocks-392-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-bank/wordpress-captcha-plugin-by-captcha-bank-4036-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T13:32:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-248-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-42682-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gnupress/gnupress-029-reflected-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171056-authenticated-author-stored-cross-site-scripting-via-image-caption-field</loc>
<lastmod>2026-04-23T16:35:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-reply-email/comment-reply-email-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-admin-page-on-frontend/wp-frontend-admin-1227-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-bio/limit-bio-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-tables/product-table-by-wbw-201-unauthenticated-remote-code-execution</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-video/gallery-video-gallery-and-youtube-gallery-1701-stored-cross-site-scripting</loc>
<lastmod>2016-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-1990-incorrect-authorization-to-authenticated-contributor-plugin-settings-update</loc>
<lastmod>2025-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/handyman-services/handyman-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadlovers-forms/leadlovers-forms-102-missing-authorization</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartcrawl-seo/simple-social-media-share-buttons-382-unauthenticated-password-protected-post-disclosure</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1309-reflected-cross-site-scripting</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jazz-popups/jazz-popups-187-reflected-cross-site-scripting-via-wpjazzpopup_switchonoff</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-gallery-replacement/smooth-gallery-replacement-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-student-result/student-result-or-employee-database-163-authentication-bypass</loc>
<lastmod>2017-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartcrawl-seo/smartcrawl-3143-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spoki/spoki-chat-buttons-and-woocommerce-notifications-21515-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:08:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-10114-missing-authorization-to-settings-update</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php-code-snippet/insert-php-code-snippet-143-missing-authorization</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-4223-missing-authorization</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-monster/event-management-tickets-booking-by-event-monster-plugin-106-cross-site-scripting</loc>
<lastmod>2019-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motopress-hotel-booking-lite/hotel-booking-lite-523-authenticated-hotel-worker-remote-code-execution</loc>
<lastmod>2025-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/startklar-elmentor-forms-extwidgets/startklar-elementor-addons-1715-unauthenticated-path-traversal-to-arbitrary-directory-deletion</loc>
<lastmod>2024-06-05T15:40:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wordpress-shortcodes-plugin-shortcodes-ultimate-493-cross-site-scripting</loc>
<lastmod>2015-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/additional-order-filters-for-woocommerce/additional-order-filters-for-woocommerce-111-reflected-cross-site-scripting</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-to-google-my-business/post-to-google-my-business-3114-cross-site-request-forgery-to-dismiss-notification</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2027-multiple-cross-site-scripting-vulnerabilities</loc>
<lastmod>2018-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3242-unauthenticated-sql-injection</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-category-list/category-dropdown-list-10-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-11T14:32:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weaver-themes-shortcode-compatibility/weaver-themes-shortcode-compatibility-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-addon-templates-widgets-kits-woocommerce-builders-609-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2112-authenticated-contributor-sensitive-information-exposure-to-account-takeover-via-shortcode-template-tag</loc>
<lastmod>2026-03-27T09:48:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-165-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bandsintown/bandsintown-events-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-19T21:09:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1383-shortcode-injection</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayer/wp-prayer-209-cross-site-request-forgery-to-email-settings-update</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20230902-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voltax-video-player/voltax-video-player-165-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-07-23T20:38:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-map/free-google-maps-101-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-for-campaign-monitor/campaign-monitor-for-wordpress-2815-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wsecure/wsecure-lite-24-remote-code-execution</loc>
<lastmod>2016-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/support-plus-responsive-ticket-system-41-full-path-disclosure</loc>
<lastmod>2014-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5012-authentication-bypass</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-payments/dreamfox-media-payment-gateway-per-product-for-woocommerce-358-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons-132-reflected-cross-site-scripting</loc>
<lastmod>2021-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-116-sql-injection</loc>
<lastmod>2015-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-add/landing-page-builder-1520-authenticated-editor-local-file-inlcusion</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-cf7/extensions-for-cf7-306-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-0994-missing-authorization</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-the-1-gamification-plugin-to-reward-points-achievements-badges-ranks-in-wordpress-715-unauthenticated-arbitrary-shortcode-execution-via-gamipress_get_user_earnings</loc>
<lastmod>2024-11-18T22:31:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/togo/togo-travel-tour-booking-wordpress-theme-theme-104-missing-authorization</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-anything-on-click/popup-anything-203-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-178-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-layouts/post-layouts-for-gutenberg-1210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream-video-player/stream-video-player-141-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pojo-accessibility/ally-402-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-tinymce-styles/just-tinymce-custom-styles-121-cross-site-request-forgery</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-6710-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-22T19:12:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-missing-authorization-in-wpfc_clear_cache_of_allsites_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-calendar/appointment-calendar-296-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-271-cross-site-request-forgery</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-easy-data-table-builder-525-authenticated-contributor-information-exposure</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codelights-shortcodes-and-widgets/sidebar-widgets-by-codelights-14-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusedesk/fusedesk-67-authenticated-contributor-stored-cross-site-scripting-via-successredirect-parameter</loc>
<lastmod>2025-04-23T19:47:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bicycleshop/bicycleshop-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-500-authenticated-contributor-content-injection</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3301-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-import/advanced-import-one-click-demo-import-for-wordpress-146-authenticated-author-server-side-request-forgery-via-demo_file-parameter</loc>
<lastmod>2026-06-18T15:57:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bannerize/wp-bannerize-200-402-authenticated-sql-injection-via-id-parameter</loc>
<lastmod>2021-10-05T20:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-user-map/open-user-map-1416-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12220-authentication-bypass-to-account-takeover</loc>
<lastmod>2024-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magways/magways-121-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentformpro/fluent-forms-pro-add-on-pack-6117-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2026-03-04T14:34:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-csv-or-excel-file-to-wordpress-393-authenticated-admin-limited-unsafe-file-upload</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate/idonate-200-219-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-user-deletion-via-admin_post_donor_delete-function</loc>
<lastmod>2025-11-06T15:39:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-video-player-with-analytics/advanced-video-player-with-analytics-1-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11212-authenticated-contributor-stored-cross-site-scripting-via-content-switcher-widget</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charity-addon-for-elementor/charity-addon-for-elementor-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-registration/simple-user-registration-67-authenticated-subscriber-privilege-escalation-via-profile_save_field</loc>
<lastmod>2026-01-27T21:50:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/co2ok-for-woocommerce/co2ok-carbon-offsetting-for-e-commerce-10921-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3510-cross-site-request-forgery-to-ticket-post-status-change</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdreseller/gdreseller-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-svg-webp-ico-upload/enable-svg-webp-ico-upload-110-arbitrary-file-upload</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gap-hub-user-role/gap-hub-user-role-341-cross-site-request-forgery</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweet-old-post/revive-old-posts-social-media-auto-post-and-scheduling-plugin-800-authorization-bypass</loc>
<lastmod>2015-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ui-slider-filter-by-price/ui-slider-filter-by-price-11-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1685-authenticated-contributor-stored-cross-site-scripting-via-data-url-dom-element-attribute</loc>
<lastmod>2025-06-24T13:56:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propovoice/propovoice-crm-1762-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-contact-form-7-and-aweber/contact-form-7-aweber-extension-0142-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sync-for-notion/wp-sync-for-notion-170-missing-authorization</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-writer/content-writer-368-unauthenticated-information-exposure-via-log-file</loc>
<lastmod>2025-10-14T20:02:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-164-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tumult-hype-animations/tumult-hype-animations-1912-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesomepress/awesomepress-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bread-butter/bread-butter-gate-content-capture-leads-collect-first-party-data-nurture-with-ai-agents-7111374-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-12-04T16:31:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-listing-realtyna-wpl/realtyna-organic-idx-plugin-4144-reflected-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-6225-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weglot/translate-wordpress-and-go-multilingual-weglot-51-missing-authorization-to-unauthenticated-limited-transient-deletion</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchterms-tagging-2/searchterms-tagging-2-1535-reflected-cross-site-scripting</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geotagged-media/geotagged-media-030-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar-shortcode/the-events-calendar-shortcode-block-312-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-09T20:37:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hesabfa-accounting/hesabfa-accounting-224-unauthenticated-sensitive-information-exposure-via-log-file</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-twitpic/wp-twitpic-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T14:19:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/string-locator/string-locator-242-authenticated-arbitrary-file-read</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-slider-lite/accordion-slider-lite-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T19:04:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-extension/accept-paypal-payments-using-contact-form-7-405-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12319-authenticated-contributor-sql-injection-via-url-parameter</loc>
<lastmod>2024-07-19T20:19:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-notify-lite/popup-builder-1132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-filter-posts/post-grid-master-347-missing-authorization</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermonaudio-widgets/sermonaudio-widgets-193-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-wordpress-70-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-column-tag-map/multi-column-tag-map-17033-authenticated-contributor-stored-cross-site-scripting-via-mctagmap-shortcode</loc>
<lastmod>2024-12-20T18:46:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4618-cross-site-scripting-via-contentarea-parameter</loc>
<lastmod>2019-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/repairbuddy-41132-missing-authorization-to-authenticated-subscriber-plugin-settings-modification-via-wc_rep_shop_settings_submission-ajax-action</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dpt-oauth-client/oauth-client-by-digitialpixies-110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inlinkz-scripter/ez-inlinkz-linkup-018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/presto-player/the-ultimate-video-player-for-wordpress-by-presto-player-413-missing-authorization</loc>
<lastmod>2026-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/swagger/themeblvd-themesplugins-various-versions-missing-authorization-checks</loc>
<lastmod>2014-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/findgo/findgo-1357-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-stripe-and-woocommerce-integration/stripe-payment-plugin-for-woocommerce-359-reflected-cross-site-scripting</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-281-authenticated-cross-site-scripting</loc>
<lastmod>2019-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-linked-images-to-gallery-v01/add-linked-images-to-gallery-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncode-core/uncode-core-288-privilege-escalation</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwp-histats/gwp-histats-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2444-missing-authorization-to-authenticated-contributor-post-modification</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-for-japan/japanized-for-woocommerce-254-reflected-cross-site-scripting</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-483-sql-injection-due-to-double-prepare-approach</loc>
<lastmod>2017-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javascript-logic/javascript-logic-01-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allaccessible/accessibility-by-allaccessible-134-missing-authorization-to-authenticated-subscriber-arbitrary-option-update</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-1817-missing-authorization-to-unauthorized-donation</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-control/user-control-210-sql-injection</loc>
<lastmod>2018-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anti-plagiarism/anti-plagiarism-360-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16742-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminquickbar/adminquickbar-193-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-23T19:27:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress-youtube-integration/gamipress-youtube-integration-107-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/single-sign-on-client/simple-single-sign-on-411-insecure-oauth-implementation-to-authentication-bypass</loc>
<lastmod>2022-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sendgrid-mailer/sendgrid-for-wordpress-14-missing-authorization-to-authenticated-subscriber-log-deletion</loc>
<lastmod>2024-10-17T15:43:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-request-a-quote/yith-woocommerce-request-a-quote-2460-missing-authorization</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-165-unauthenticated-data-export-to-sensitive-information-disclosure</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-form/hash-form-121-missing-authorization-to-authenticated-contributor-form-style-creation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-1911-hidden-login-page-location-disclosure</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-download/wp-download-12-sql-injection</loc>
<lastmod>2008-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gb-gallery-slideshow/gb-gallery-slideshow-15-sql-injection</loc>
<lastmod>2014-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundy-audio-playlist/soundy-audio-playlist-46-cross-site-scripting</loc>
<lastmod>2018-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pta-volunteer-sign-up-sheets/volunteer-sign-up-sheets-554-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visibility-logic-elementor/visibility-logic-for-elementor-234-cross-site-request-forgery-via-toggle_option</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio11-html5-shoutcast_history/clever-26-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alpine-photo-tile-for-pinterest/alpine-phototile-for-pinterest-131-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/ai-power-complete-ai-pack-1896-authenticated-admin-php-object-injection-via-wpaicg_export_ai_forms</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-557-reflected-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3104-authenticated-contributor-stored-cross-site-scripting-via-calendy</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/everest-news-pro/everest-news-pro-117-reflected-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thecotton_v114/thecotton-114-arbitrary-file-upload</loc>
<lastmod>2014-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1151-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/planning-center-online-giving/planning-center-online-giving-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptools/wp-tools-524-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box-gallerymeta/meta-box-gallerymeta-301-authenticated-editor-stored-cross-site-scripting-via-image-caption</loc>
<lastmod>2026-01-23T20:03:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-7442-authenticated-contributor-stored-cross-site-scripting-via-content-filter</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-opening-hours/opening-hours-230-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-240902-reflected-cross-site-scripting</loc>
<lastmod>2024-10-16T13:30:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-anker/fw-anker-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/f70-lead-document-download/f70-lead-document-download-144-missing-authorization-to-unauthenticated-arbitrary-media-file-download</loc>
<lastmod>2025-12-19T15:02:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azurecurve-toggle-showhide/azurecurve-toggle-showhide-213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.1/wordpress-core-621-authenticated-contributor-stored-cross-site-scripting-via-embed-discovery</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-exclude/search-exclude-123-arbitrary-settings-change</loc>
<lastmod>2019-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apocalypse-meow/apocalypse-meow-2113-2127-authentication-bypass</loc>
<lastmod>2017-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-thumbnail-generator/pdf-thumbnail-generator-14-cross-site-request-forgery</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-217-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1046-reflected-cross-site-scripting</loc>
<lastmod>2022-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-wp-audio-player/compact-wp-audio-player-1913-authenticated-contributor-stored-cross-site-scripting-via-sc_embed_player-shortcode</loc>
<lastmod>2024-10-23T21:58:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/firedrum-email-marketing/firedrum-email-marketing-164-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rapyd-payments/rapyd-payment-extension-for-woocommerce-120-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-165-reflected-cross-site-scripting</loc>
<lastmod>2017-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7-1362-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplified-content/simplified-content-101-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-227-sensitive-information-exposure-via-user-uploads</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-labels/advanced-woo-labels-237-authenticated-contributor-remote-code-execution-via-callback-parameter</loc>
<lastmod>2026-02-24T19:54:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/savoy/savoy-308-unauthenticated-information-exposure</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-video-importer/meks-video-importer-1012-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-wordpress-currency-switcher-professional-1204-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bg-orthodox-calendar/bg-orthodox-calendar-01310-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-3131-authenticated-contributor-stored-cross-site-scripting-via-fiestar-widget</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sourceplay-navermap/sourceplay-navermap-002-missing-authorization</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ql-cost-calculator/cost-calculator-74-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-restrict/simple-restrict-127-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-generator/contact-form-generator-creative-form-builder-for-wordpress-2186-cross-site-request-forgery</loc>
<lastmod>2015-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-styler/easy-login-styler-white-label-admin-login-page-for-wordpress-106-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemapper/imagemapper-126-cross-site-request-forgery-to-stored-cross-site-scripting-via-imgmap_save_area_title</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upmenu/upmenu-31-authenticated-contributor-stored-cross-site-scripting-via-upmenu-menu-shortcode-lang-attribute</loc>
<lastmod>2026-02-13T18:33:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-154-sql-injection</loc>
<lastmod>2015-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-notes-for-woocommerce/product-notes-tab-private-admin-notes-for-woocommerce-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stops-core-theme-and-plugin-updates/easy-updates-manager-9020-reflected-cross-site-scripting-via-paged-parameter</loc>
<lastmod>2026-05-27T18:13:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-last-modified-info/wp-last-modified-info-194-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-266-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1314-unauthenticated-blind-sql-injection</loc>
<lastmod>2022-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pochipp/pochipp-1189-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipe-card-blocks-by-wpzoom/recipe-card-blocks-for-gutenberg-elementor-348-incorrect-authorization</loc>
<lastmod>2025-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stageshow/stageshow-509-open-redirect</loc>
<lastmod>2015-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-copy-protection/wp-content-copy-protection-344-cross-site-request-forgery-to-setting-update</loc>
<lastmod>2022-02-16T08:04:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtouch-quiz/mtouch-quiz-312-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-live-ajax-search/relevanssi-live-ajax-search-24-unauthenticated-wp_query-argument-injection</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-dashboard/ultimate-dashboard-3814-cross-site-request-forgery-to-module-activationdeactivation</loc>
<lastmod>2026-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulkpress/bulkpress-035-reflected-cross-site-scripting</loc>
<lastmod>2024-11-15T15:06:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-account-funds-premium/yith-woocommerce-account-funds-premium-1330-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yet-another-stars-rating-186-unauthenticated-php-object-injection</loc>
<lastmod>2019-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-autoresponder-addon/bakery-autoresponder-addon-106-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpx-viewer/gpx-viewer-2211-authenticated-editor-path-traversal</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/out-of-the-box/out-of-the-box-1202-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3319-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latest-post-shortcode/latest-post-shortcode-1403-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-calendar-for-google/events-calendar-for-google-210-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-363-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2018-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-edit-post-titles/bulk-edit-post-titles-500-missing-authorization</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-control/content-control-the-ultimate-content-restriction-plugin-restrict-content-create-conditional-blocks-more-250-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2025-03-04T21:25:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bus-ticket-booking-with-seat-reservation/bus-ticket-booking-with-seat-reservation-562-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/source-shortcode/credits-shortcode-12-authenticated-contributor-stored-cross-site-scripting-via-link-shortcode-attribute</loc>
<lastmod>2026-05-11T19:02:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastcgi-cache-purge-and-preload-nginx/nginx-cache-purge-preload-211-authenticated-administrator-remote-code-execution</loc>
<lastmod>2025-07-21T20:50:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/contact-form-builder-with-drag-drop-for-wordpress-kali-forms-242-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate-to-wpml-export/qtranslate-x-cleanup-and-wpml-import-301-missing-authorization-via-clean_ajx</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devs-accounting/devs-accounting-120-missing-authorization-to-unauthenticated-account-deletion-via-delete-account-rest-endpoint</loc>
<lastmod>2026-06-23T16:39:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-directory-traversal-via-customizer</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-before-download/email-before-download-36-sql-injection</loc>
<lastmod>2017-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-user-profile-user-registration-forms-390-sensitive-information-disclosure-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-wpdevart-extended/countdown-and-countup-woocommerce-sales-timers-157-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-09-27T13:41:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-wordpress-cache-plugin-202-unprotected-ajax-actions</loc>
<lastmod>2022-05-02T13:12:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zota/zota-1314-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/multiple-plugins-by-funnelkit-various-versions-authenticated-contributor-sensitive-information-exposure-to-privilege-escalation-via-woofunnel-library</loc>
<lastmod>2025-08-18T18:57:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.5/wordpress-core-655-authenticated-contributor-stored-cross-site-scripting-via-html-api</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1157-reflected-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/globalquran/globalquran-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weaverx-theme-support/weaver-xtreme-theme-support-64-authenticated-contributor-stored-cross-site-scripting-via-div-shortcode</loc>
<lastmod>2024-06-04T19:18:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-saint/post-saint-chatgpt-gpt4-dall-e-stable-diffusion-pexels-dezgo-ai-text-image-generator-131-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-flow/zoho-flow-for-wordpress-280-authenticated-administrator-sql-injection</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photome/photome-5611-unauthenticated-php-object-injection</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-grouped-product/wpc-grouped-product-for-woocommerce-442-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plationline/plationline-payments-700-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/questionar-elementor/questionar-for-elementor-117-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-facebook-like-box/easy-social-like-box-popup-sidebar-widget-40-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-05T12:59:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exit-strategy/wordpress-exit-strategy-155-information-exposure</loc>
<lastmod>2013-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-393-reflected-cross-site-scripting</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg_zoominoutslider/responsive-zoom-inout-slider-wordpress-plugin-545-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-modern-events-calendar-bookings-and-tickets-4047-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-204-authenticated-unrestricted-file-upload</loc>
<lastmod>2018-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-social-login/wordpress-social-login-304-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mshop-mysite/mshop-my-site-117-missing-authorization-via-update_settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2941-missing-authorization-to-authenticated-subscriber-arbitrary-post-update</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1355-missing-authorization-to-subscriber-arbitrary-post-creation</loc>
<lastmod>2022-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-redirector/qr-redirector-161-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-511-unauthenticated-arbitrary-file-move-via-regenerate_upload_file_keys</loc>
<lastmod>2026-04-08T07:57:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truebooker-appointment-booking/truebooker-116-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftcontroller/shiftcontroller-employee-shift-scheduling-4923-unauthenticated-stored-cross-site-scripting-via-hc-title</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-posts-order/custom-posts-order-44-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-on-site-seo-7521-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T17:02:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-donation-plugin-for-wordpress-fundraising-with-recurring-donations-more-1897-insufficient-verification-of-data-authenticity-to-unauthenticated-donation-status-forgery-via-stripe-webhook</loc>
<lastmod>2026-04-06T18:46:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-bulk-editor-and-products-manager-professional-for-woocommerce-by-pluginusnet-115-cross-site-request-forgery-to-product-data-modification</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-70-704-unauthenticated-arbitrary-file-upload-leading-to-remote-code-execution</loc>
<lastmod>2021-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ical-availability/wp-ical-availability-103-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-248-unauthenticated-sql-injection-via-get_members-function</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-6212-reflected-cross-site-scripting</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-conversation-for-gravity-forms/magic-conversation-for-gravity-forms-3097-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-07T19:53:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-header/add-to-header-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-3130-unauthenticated-information-exposure</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-wordpress-currency-switcher-professional-119-missing-authorization-to-arbitrary-custom-drop-down-currency-switcher-deletion</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing-pro/classified-listing-pro-2020-reflected-cross-site-scripting</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zeenshare/zeenshare-101-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3355-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-67080-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-18T15:41:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-polls/wp-polls-2756-ip-validation-bypass</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-103-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-gallery-for-wordpress-1123-authenticated-author-stored-cross-site-scripting-via-justified_gallery_theme-parameter-via-rest-api</loc>
<lastmod>2026-03-03T20:19:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-inspiration-generator/daily-inspiration-generator-20-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rezgo/rezgo-online-booking-143-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plainview-protect-passwords/plainview-protect-passwords-14-cross-site-request-forgery</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3308-authenticated-author-path-traversal-to-limited-file-overwrite</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-supreme/team-member-74-authenticated-editor-local-file-inclusion</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-classifieds-and-directory-pro/advanced-classifieds-directory-pro-300-missing-authorization-to-arbitrary-attachment-deletion</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2538-authenticated-map-creationdeletion-to-stored-cross-site-scripting-remote-code-execution</loc>
<lastmod>2020-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-plugins-stripe-woo/stripe-payments-for-woocommerce-by-checkout-191-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mpoperationlogs/mpoperationlogs-101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5pxapikatchu/snordians-h5pxapikatchu-0414-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goracash/goracash-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donation-thermometer/donation-thermometer-212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1265-stored-cross-site-scripting</loc>
<lastmod>2019-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bridge-core/bridge-core-309-reflected-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-131113-sql-injection</loc>
<lastmod>2019-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-542-open-redirect</loc>
<lastmod>2020-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/super-socializer-71354-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-posts-with-multiple-custom-groups-fpmcg/featured-posts-with-multiple-custom-groups-fpmcg-40-reflected-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medma-matix/matix-popup-builder-100-unauthenticated-arbitrary-options-update</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/weaver-xtreme/weaver-xtreme-630-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lisfinity-core/lisfinity-core-lisfinity-core-plugin-used-for-pebas-lisfinity-wordpress-theme-150-unauthenticated-sql-injection</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chameleon/chameleon-143-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-per-user/theme-per-user-101-unauthenticated-php-object-injection</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bricksforge/bricksforge-2017-missing-authorization-to-unauthenticated-wordpress-settings-deletion</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenly/greenly-81-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/narnoo-distributor/narnoo-distributor-251-path-traversal</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-216-missing-authorization-to-authenticated-subscriber-user-email-retrieval</loc>
<lastmod>2025-01-21T22:18:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-ads-1517-reflected-cross-site-scripting</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upload-quota-per-user/upload-quota-per-user-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3272-reflected-cross-site-scripting</loc>
<lastmod>2020-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-61511-6159-unauthenticated-sql-injection-via-s</loc>
<lastmod>2025-11-04T16:25:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-773-missing-authorization</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-smtp/easy-wp-smtp-149-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepeople-post-map/google-maps-cp-1043-missing-authorization-to-authenticated-subscriber-feedback-form-submission</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-manager/booking-manager-sync-wp-booking-calendar-import-events-export-bookings-to-ics-calendar-2114-authenticated-contributor-booking-deletion</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-tagline-rotator/jquery-tagline-rotator-015-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/healsoul/healsoul-223-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-976-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-courses/wp-courses-lms-online-courses-builder-elearning-courses-courses-solution-education-courses-3226-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/user-extra-fields-168-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-452-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-redirection/ip2location-redirection-1333-missing-authorization-to-unauthenticated-settings-export</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-133-authenticated-admin-sql-injection</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/armania/armania-148-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-instagram/image-social-feed-plugin-176-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-dynamic-pricing-and-discounts/woocommerce-dynamic-pricing-and-discounts-241-stored-cross-site-scripting</loc>
<lastmod>2021-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-bootmodal-login/ajax-bootmodal-login-143-captcha-reuse</loc>
<lastmod>2018-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stonehenge-em-osm/events-manager-8211-openstreetmaps-421-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7313727-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-200-208-reflected-cross-site-scripting</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-471-reflected-cross-site-scripting-via-vi-parameter</loc>
<lastmod>2026-03-03T20:24:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1315-unauthenticated-stored-cross-site-scripting-via-browser</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedweb/feedweb-307-sql-injection</loc>
<lastmod>2014-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-34-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearout-email-validator/clearout-email-validator-320-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-57-admin-stored-cross-site-scripting</loc>
<lastmod>2022-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress-notify-nospam/bbpress-notify-2195-reflected-cross-site-scripting</loc>
<lastmod>2025-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/couponxxl/couponxxl-300-unauthenticated-privilege-escalation</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplelightbox/multiple-plugins-various-versions-authenticated-contributor-stored-dom-based-cross-site-scripting-via-simplelightbox-javascript-library</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-count-down-timer/wp-count-down-timer-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:08:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-page-duplicator/page-duplicator-011-missing-authorization-to-unauthenticated-postpage-duplication</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pure-wc-variations-swatches/pure-wc-variation-swatches-117-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/firestats/firestats-162-sql-injection</loc>
<lastmod>2009-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-2checkout-payment/2checkout-payment-gateway-for-woocommerce-62-missing-authorization-via-sniff_ins</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheets-to-wp-table-live-sync/flextable-data-table-sync-with-google-sheets-3240-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-548-cross-site-request-forgery-via-process_delete_product</loc>
<lastmod>2023-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-132-open-redirect-via-state</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popup-builder/wp-popup-builder-138-unauthenticated-information-exposure</loc>
<lastmod>2025-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-portal/job-portal-001-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-image-widget/wpb-image-widget-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/back-button-widget/back-button-widget-163-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devoluciones-packback/mimoos-12-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wangguard/wangguard-180-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2017-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skysa-text-ticker-app/skysa-text-ticker-app-14-cross-site-request-forgery-to-settings-modification-via-save-settings-form</loc>
<lastmod>2026-05-11T19:04:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/base64-encoderdecoder/base64-encoderdecoder-092-cross-site-request-forgery-to-setting-reset</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-227-authenticated-contributor-stored-cross-site-scripting-via-countdown-and-image-comparison-widgets</loc>
<lastmod>2025-12-12T19:38:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dropbox-dropins/wp-dropbox-dropins-10-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-213-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-05-17T16:25:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1204-stored-cross-site-scripting</loc>
<lastmod>2017-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29928-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-51-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-pop-up-banners/cm-pop-up-banners-184-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animation-addons-for-elementor/animation-addons-for-elementor-245-authenticated-contributor-arbitrary-content-deletion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-statcounter-plugin-for-wordpress/official-statcounter-plugin-210-authenticated-contributor-stored-cross-site-scripting-via-nickname</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-page-builder-3211-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-446-admin-stored-cross-site-scripting-via-breadcrumbs</loc>
<lastmod>2022-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-voting/wp-voting-18-reflected-cross-site-scripting</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/userfeedback-lite-1015-unauthenticated-stored-cross-site-scripting-via-name-parameter</loc>
<lastmod>2024-07-12T08:32:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coven-core/coven-core-13-unauthenticated-sql-injection</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beyot-framework/smart-framework-multiple-plugins-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-bws/slider-by-bestwebsoft-110-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log-pro/user-activity-log-pro-233-unauthenticated-stored-cross-site-scripting-via-user-agent-header</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-276-unauthenticated-sql-injection-via-rating_filter</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activecampaign-subscription-forms/activecampaign-8116-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-405-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-poster/pdf-poster-display-pdf-files-with-custom-viewer-241-missing-authorization</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/wp-cookie-notice-for-gdpr-ccpa-eprivacy-consent-380-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gt3-photo-video-gallery/photo-gallery-gt3-image-gallery-gutenberg-block-gallery-27725-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-507-missing-authorization</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iteras/iteras-182-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-23T19:20:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-agency/travel-agency-155-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blue-wrench-videos-widget/blue-wrench-video-widget-210-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-414-cross-site-request-forgery-via-update_automator_connect</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-championship/wp-championship-92-multiple-cross-site-request-forgery-vulnerabilities</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-158-authenticated-administrator-sql-injection-via-ce_venue_name-csv-field</loc>
<lastmod>2026-03-06T11:49:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-872-missing-authorization</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-bar/floating-social-bar-117-cross-site-scripting</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-product-fields-for-woocommerce/advanced-product-fields-product-addons-for-woocommerce-1618-missing-authorization</loc>
<lastmod>2026-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1096-sensitive-information-disclosure</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-countdown/wow-countdowns-312-authenticated-admin-sql-injection</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listeo/listeo-directory-listings-with-booking-wordpress-theme-1611-cross-site-scripting</loc>
<lastmod>2021-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-4991-cross-site-request-forgery</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scrolling-anchors/easy-smooth-scroll-links-2231-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-business-data/simple-business-data-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:20:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-video-player/easy-video-player-12210-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projectopia-core/projectopia-5118-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmatic/newsmatic-134-unauthenticated-information-exposure-via-newsmatic_filter_posts_load_tab_content</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hestia/hestia-3210-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search-replace/better-search-replace-14-authenticated-administrator-sql-injection</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mapa-politico-spain/mapa-politico-espaa-370-stored-cross-site-scripting</loc>
<lastmod>2021-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-directory/simple-link-directory-560-php-object-injection</loc>
<lastmod>2018-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-replacer-ultra/word-replacer-pro-10-missing-authorization</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cars4rent/cars4rent-142-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-extended/advanced-custom-fields-extended-0925-unauthenticated-privilege-escalation-via-validation-bypass-to-_acf_post_id-parameter</loc>
<lastmod>2026-05-28T10:09:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-elements/spider-elements-addons-for-elementor-163-missing-authorization</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/color-palette/color-palette-432-authenticated-contributor-stored-cross-site-scripting-via-hex-parameter</loc>
<lastmod>2025-06-12T13:10:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-scheduler/auto-post-scheduler-184-cross-site-request-forgery-to-stored-cross-site-scripting-via-aps_options_page</loc>
<lastmod>2026-03-30T16:31:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/makewebbetter-hubspot-for-woocommerce/mwb-hubspot-for-woocommerce-crm-abandoned-cart-email-marketing-marketing-automation-analytics-159-missing-authorization-to-authenticated-contributor-arbitrary-options-update</loc>
<lastmod>2025-01-30T00:42:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-link-to-facebook/add-link-to-facebook-228-reflected-cross-site-scripting</loc>
<lastmod>2015-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-55-sql-injection</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-lightbox/wp-video-lightbox-194-reflected-cross-site-scripting</loc>
<lastmod>2022-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-201-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-09-10T18:49:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/circle-image-slider-with-lightbox/team-circle-image-slider-with-lightbox-104-authenticated-admin-sql-injection</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-blocks/wowstore-store-builder-product-blocks-for-woocommerce-443-unauthenticated-sql-injection-via-search-parameter</loc>
<lastmod>2026-03-16T11:29:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-wordpress-event-booking-manager-plugin-3992-authenticated-subscriber-sql-injection-via-reg_id</loc>
<lastmod>2025-03-06T19:34:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ehive-search/ehive-search-250-reflected-cross-site-scripting</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-google-adsense-and-ads-manager/universal-google-adsense-and-ads-manager-118-missing-authorization</loc>
<lastmod>2026-01-14T08:24:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2112-cross-site-scripting</loc>
<lastmod>2020-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitepos-lite/vitepos-point-of-sale-pos-for-woocommerce-330-authenticated-subscriber-arbitrary-file-upload-to-remote-code-execution</loc>
<lastmod>2025-11-20T19:52:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a4-barcode-generator/print-barcode-labels-for-your-woocommerce-productsorders-349-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-donottrack/wp-donottrack-088-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdpa-consent/pdpa-consent-for-thailand-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-b2b-for-woocommerce/all-in-one-b2b-for-woocommerce-103-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2617-missing-authorization-to-authenticated-subscriber-limited-arbitrary-options-update</loc>
<lastmod>2025-02-14T20:28:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amocrm-webform/amocrm-webform-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/authentic/authentic-204-arbitrary-file-download</loc>
<lastmod>2014-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-487-cross-site-scripting</loc>
<lastmod>2022-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kk-youtube-video/kk-youtube-video-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:38:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enigma-chartjs/chartjs-20232-authenticatededitor-stored-cross-site-scripting-via-chart</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sponsered-link/sponsered-link-40-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-calendly-integration/form-to-online-booking-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-2128-authenticated-contributor-information-disclosure-via-shortcode</loc>
<lastmod>2024-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-calendar/pie-calendar-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-268-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-and-pro-18176-stored-cross-site-scripting</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hq60-fidelity-card/hq60-fidelity-card-18-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-directory-addon/designthemes-directory-addon-18-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-image-slider/creative-image-slider-responsive-slider-plugin-213-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/bookly-203-staff-member-stored-cross-site-scripting</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-22-sql-injection</loc>
<lastmod>2007-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-crowd/social-crowd-0961-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-video-gallery/all-video-gallery-11-sql-injection</loc>
<lastmod>2012-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-discount-for-woocommerce/seraphinite-bulk-discounts-for-woocommerce-246-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-277-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zalo-official-live-chat/zalo-official-live-chat-100-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hebrewdates/hebrew-date-210-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixproof/pixproof-201-missing-authorization</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-258-cross-site-scripting</loc>
<lastmod>2013-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hungred-post-thumbnail/hungred-post-thumbnail-219-arbitrary-file-upload</loc>
<lastmod>2012-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-548-reflected-cross-site-scripting-in-general-module</loc>
<lastmod>2021-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-wd/10webfaq-1014-cross-site-scripting</loc>
<lastmod>2016-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2112-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tf-woo-product-grid/tf-woo-product-grid-addon-for-elementor-101-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-84-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-03T22:10:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webling/webling-390-authenticated-subscriber-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2026-04-09T12:32:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171001-authenticated-contributor-dom-based-stored-cross-site-scripting-via-form-builder-widget</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-status-rules-for-woocommerce/scheduled-amp-automatic-order-status-controller-for-woocommerce-371-open-redirect</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3_accordions/css3-accordions-for-wordpress-30-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-471-missing-authorization</loc>
<lastmod>2026-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-refund-and-return-order-for-woocommerce/flexible-refund-and-return-order-for-woocommerce-1038-missing-authorization-to-authenticated-subscriber-arbitrary-order-refund</loc>
<lastmod>2025-10-21T17:57:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitekit/sitekit-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-product-in-a-post-plugin/amazon-product-in-a-post-plugin-353-sql-injection</loc>
<lastmod>2015-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-news/google-news-251-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps-integration/wp-google-maps-integration-12-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2026-05-11T19:06:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scss-library/scss-library-041-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-friendly-flickr-slideshow/responsive-flickr-slideshow-260-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-event-planner/simple-event-planner-plugin-154-cross-site-scripting</loc>
<lastmod>2022-03-23T10:38:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elink-embed-content/elink-embed-content-110-authenticated-contributor-insufficient-input-validation</loc>
<lastmod>2025-08-14T20:11:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yarpp-yet-another-related-posts-plugin-5302-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-wallet-wallet-cashback-refunds-partial-payment-wallet-restriction-262-missing-authorization</loc>
<lastmod>2025-03-03T20:17:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-shipping-multiple-addresses/woocommerce-ship-to-multiple-addresses-385-cross-site-request-forgery</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-550-unauthenticated-account-takeover-via-weak-password-recovery-mechanism</loc>
<lastmod>2026-05-08T14:16:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-wp-audio-player/compact-wp-audio-player-197-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rest-api-authentication/wordpress-rest-api-authentication-240-cross-site-request-forgery</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-login/external-login-1112-authenticated-subscriber-sensitive-data-exposure-via-test-connection</loc>
<lastmod>2025-10-14T19:58:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-202-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1260-authenticated-subscriber-stored-cross-site-scripting-via-user-badge-link-substitution</loc>
<lastmod>2026-04-08T14:42:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all_in_one_carousel/all-in-one-slider-1220-reflected-cross-site-scripting</loc>
<lastmod>2014-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mihdan-public-post-preview/mihdan-public-post-preview-199-missing-authorization</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-cleanup/image-cleanup-192-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-to-social-media-wp-to-social-champ/socialchamp-with-wordpress-135-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-13T17:28:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revenue/wowrevenue-1213-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-305-csv-injection</loc>
<lastmod>2021-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailpress/emailpress-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-attachments/wp-attachments-5012-reflected-cross-site-scripting-via-attachment_id-parameter</loc>
<lastmod>2025-05-27T19:16:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-337-reflected-cross-site-scripting</loc>
<lastmod>2012-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editormd/wp-editormd-the-perfect-wordpress-markdown-editor-1004-cross-site-scripting</loc>
<lastmod>2018-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem-elementor/thegem-elementor-5105-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-470-631-denial-of-service-via-cache-poisoning</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-smilies-se/custom-smilies-292-reflected-cross-site-scripting</loc>
<lastmod>2025-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-e-commerce-shopping-cart/simple-ecommerce-shopping-cart-plugin-sell-products-through-paypal-312-cross-site-request-forgery</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaky-paywall/leaky-paywall-4217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-pro/tab-ultimate-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/binary-mlm-plan/binary-mlm-plan-30-unauthenticated-sql-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-stream-quiz/ari-stream-quiz-wordpress-quizzes-builder-1226-reflected-cross-site-scripting</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/social-sharing-plugin-sassy-social-share-3358-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/altra-side-menu/altra-side-menu-20-authenticated-admin-sql-injection</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymc-states-map/states-map-us-242-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:48:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/woocommerce-affiliate-plugin-coupon-affiliates-41101-reflected-cross-site-scripting</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ship-depot/shipdepot-for-woocommerce-1219-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flo-forms/flo-forms-1040-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-252-missing-authorization-to-options-update</loc>
<lastmod>2024-05-20T19:51:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-13977-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/appointment-and-event-booking-calendar-amelia-1047-arbitrary-file-upload</loc>
<lastmod>2022-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-posts/sync-posts-10-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-engine-pro/comment-engine-pro-10-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2021-10-07T10:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tax-rate-upload/tax-rate-upload-245-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tournament-bracket-generator/tournament-bracket-generator-100-authenticated-contributor-stored-cross-site-scripting-via-bracket-shortcode</loc>
<lastmod>2025-06-25T13:45:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-vcard-generator/contact-form-vcard-generator-24-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-wp-gvc-cf-download-id-parameter</loc>
<lastmod>2026-01-08T21:36:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grecko/grecko-517-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coblocks/page-builder-gutenberg-blocks-3116-authenticated-contributor-stored-cross-site-scripting-via-external-ical-feed-data</loc>
<lastmod>2026-04-17T14:48:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xserver-migrator/xserver-migrator-162-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-for-the-events-calendar/the-events-calendar-countdown-addon-149-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-thumbnail-slider/thumbnail-carousel-slider-10-cross-site-request-forgery-to-mass-slider-deletion</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-template-customizer-for-woo/email-template-customizer-for-woocommerce-1217-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/about-rentals/about-rentals-15-missing-authorization</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/indeed-membership-pro-137-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-shortcode-sidebars/custom-shortcode-sidebars-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elements-plus/elements-plus-2164-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-09-10T18:55:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-portal-widgets/perfect-portal-widgets-303-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T19:03:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-129-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T20:11:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator-ext/seraphinite-accelerator-premium-22113-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shorten-url/short-url-168-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-integrations/bit-integrations-287-unauthenticated-server-side-request-forgery-via-form-field-upload-mapping</loc>
<lastmod>2026-06-18T15:58:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2610-284-information-disclosure-via-arbitrary-file-read</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-code-tag/qr-code-tag-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-management/wpchurch-270-reflected-cross-site-scripting</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-wordpress-currency-switcher-professional-119-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-168232-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viral-loops-wp-integration/viral-loops-wp-integration-381-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/camptix/camptix-event-ticketing-15-cross-site-scripting</loc>
<lastmod>2016-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-464-authenticated-contributor-privilege-escalation</loc>
<lastmod>2021-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/abstracts-274-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-dropshipping/woocommerce-dropshipping-premium-43-unauthenticated-sql-injection</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickymenu/my-sticky-bar-266-cross-site-request-forgery-to-sensitive-information-exposure</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bidorbuystoreintegrator/bidorbuy-store-integrator-2120-authenticated-admin-remote-code-execution</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dwt-listing/dwt-directory-listing-wordpress-theme-334-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vite-coupon/vite-coupon-109-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-downloads-manager/lana-downloads-manager-1100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-social/wp-open-social-50-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gslideshow/gslideshow-01-cross-site-request-forgery</loc>
<lastmod>2014-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-descriptions/terms-descriptions-349-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-01-10T14:56:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/injection-guard/injection-guard-127-reflected-cross-site-scripting</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bcs-bertline-book-importer/bcs-batchline-book-importer-157-arbitrary-product-importupdate</loc>
<lastmod>2021-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menubar/menubar-582-cross-site-request-forgery-in-wpm-adminphp</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-facebook-feed/10web-social-post-feed-129-reflected-cross-site-scripting</loc>
<lastmod>2024-10-24T18:29:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flog/flog-01-cross-site-scripting</loc>
<lastmod>2014-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordable/wordable-311-authentication-bypass</loc>
<lastmod>2020-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1351-missing-authorization-to-authenticated-contributor-form-update-and-creation</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-medium-posts/display-medium-posts-501-authenticated-contributor-stored-cross-site-scripting-via-display_medium_posts-shortcode</loc>
<lastmod>2024-10-03T13:32:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/strux/strux-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/split-test-for-elementor/split-test-for-elementor-169-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-chat-rooms-group-chat-private-messages-ai-chat-bots-21416-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-283-stored-cross-site-scripting</loc>
<lastmod>2021-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-salesforce/login-with-salesforce-102-authentication-bypass</loc>
<lastmod>2026-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/swape/swape-app-showcase-app-store-wordpress-theme-121-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2018-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-banner/simple-banner-303-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-288-stored-cross-site-scripting</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/hubbub-lite-1343-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/which-template-file/which-template-file-500-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-398-missing-authorization-via-handle_calendly_data</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-270-missing-authorization-to-unauthenticated-media-file-uploads</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microsoft-advertising-universal-event-tracking-uet/microsoft-advertising-universal-event-tracking-uet-103-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themehunk-megamenu-plus/easy-mega-menu-plugin-for-wordpress-themehunk-109-missing-authorization-to-authenticated-subscriber-settings-updates</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-online-food-ordering-system-3121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-295-missing-authorization-to-unauthenticated-uploaded-files-disclosure-and-deletion</loc>
<lastmod>2025-09-03T07:55:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tumult-hype-animations/tumult-hype-animations-1915-authenticated-author-arbitrary-file-upload-via-hypeanimations_panel-function</loc>
<lastmod>2024-11-27T20:52:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelines-email-protector/pixelines-email-protector-138-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backuply/backuply-backup-restore-migrate-and-clone-127-authenticated-admin-directory-traversal</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/philantro/philantro-donations-and-donor-management-53-authenticated-contributor-stored-cross-site-scripting-via-donate-shortcode</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rara-one-click-demo-import/rara-one-click-demo-import-129-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2022-04-21T13:36:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pizzahouse/pizza-house-140-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speakout/speakout-email-petitions-21311-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-204-denial-of-service</loc>
<lastmod>2006-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-showcase/video-gallery-403-authenticated-subscriber-arbitrary-function-call-via-path-parameter</loc>
<lastmod>2026-06-30T15:01:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-multi-view-calendar/cp-multi-view-events-calendar-1434-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-305-authenticated-contributor-stored-cross-site-scripting-via-image-accordion-widget</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gigpress/gigpress-2310-reflected-cross-site-scripting</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sala/sala-113-missing-authorization</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wte-elementor-widgets/wp-travel-engine-elementor-widgets-create-travel-booking-website-using-wordpress-and-elementor-137-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xo-liteslider/xo-slider-386-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bib2html/bib2html-093-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aiomatic-automatic-ai-content-writer/aiomatic-automatic-ai-content-writer-205-unauthenticated-arbitrary-email-sending</loc>
<lastmod>2024-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-for-paypal/checkout-for-paypal-1046-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4174-unauthenticated-limited-privilege-escalation</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hyperlink-group-block/hyperlink-group-block-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-simple-ecommerce-for-selling-digital-files-236-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accurate-form-data-real-time-form-validation/wp-accurate-form-data-12-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-2132-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/besa/besa-2315-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-folder/media-folder-100-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gable/gable-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-sheets/time-sheets-213-use-of-known-vulnerable-component</loc>
<lastmod>2025-12-04T17:30:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-153-sql-injection</loc>
<lastmod>2015-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bu-slideshow/bu-slideshow-2310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-addons-and-templates-kit-for-elementor-171052-missing-authorization</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/about-me-3000/about-me-3000-widget-226-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-523-multiple-protection-mechanism-bypasses</loc>
<lastmod>2014-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terillion-reviews/terillion-reviews-12-stored-cross-site-scripting</loc>
<lastmod>2013-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolementor/codesigner-woocommerce-builder-for-elementor-421-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-1210-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulgarisation-for-woocommerce/bulgarisation-for-woocommerce-3014-missing-authorization</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-timeline/post-timeline-239-reflected-cross-site-scripting</loc>
<lastmod>2024-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-contacts/spidercontacts-117-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buzzsprout-podcasting/buzzsprout-podcasting-184-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ziggeo/ziggeo-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-ssl/really-simple-security-simple-and-performant-security-formerly-really-simple-ssl-9510-missing-authorization</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-4614-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21036-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-08-21T20:32:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-pagepost-redirect-plugin/quick-pagepost-redirect-523-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realty/realty-by-bestwebsoft-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimole-wp/image-optimization-by-optimole-lazy-load-cdn-convert-webp-avif-31210-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-mobile-url-redirect/simple-mobile-url-redirect-172-cross-site-request-forgery-leading-to-mobile-redirect-updates</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log-pro/user-activity-log-pro-234-missing-authorization</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meteor-slides/meteor-slides-157-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:22:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-slideshow-wrapper/flickr-slideshow-wrapper-546-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-478-cross-site-request-forgery-via-qc_wp_latest_update_check</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-kit-elementor-addons/news-kit-addons-for-elementor-142-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hiroshi/hiroshi-151-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-42-arbitary-file-upload</loc>
<lastmod>2016-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ekommart/ekommart-431-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-scroll-image-slideshow-gallery/vertical-scroll-image-slideshow-gallery-111-authenticated-contributor-stored-cross-site-scripting-via-width-parameter</loc>
<lastmod>2025-07-17T16:29:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post-kit/ultimate-post-kit-addons-for-elementor-post-grid-post-carousel-post-slider-category-list-post-tabs-timeline-post-ticker-tag-cloud-3117-authenticated-contributor-stored-cross-site-scripting-via-social-count-static-widget</loc>
<lastmod>2024-06-27T19:59:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-597-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-643-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-15T21:26:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-page-builder-155-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-to-csv/users-to-csv-145-cross-site-request-forgery</loc>
<lastmod>2015-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-headline-rotator/simple-headline-rotator-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kattene/kattene-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-duplicate-page-menu-icons-svg-support-cookie-notice-custom-fonts-more-306-authenticated-administrator-stored-cross-site-scripting-via-menu-item-icon-parameter</loc>
<lastmod>2026-06-17T16:48:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cowidgets-elementor-addons/cowidgets-elementor-addons-112-authenticated-contributor-stored-cross-site-scripting-via-heading_tag-parameter</loc>
<lastmod>2024-06-03T17:08:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-renamer/media-file-renamer-auto-manual-rename-525-missing-authorization-checks</loc>
<lastmod>2012-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/design-import-export/design-importexport-22-authenticated-administrator-sql-injection-via-xml-file-import</loc>
<lastmod>2025-12-12T14:51:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-create-highly-converting-mobile-friendly-marketing-popups-441-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T19:31:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-arbitrary-file-deletion</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quform/quform-wordpress-form-builder-2200-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-widget/wp-social-widget-223-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iq-testimonials/iq-testimonials-227-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-564-sql-injection</loc>
<lastmod>2020-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elastic-email-sender/elastic-email-sender-1220-missing-authorization</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-audit-log-for-woocommerce/order-audit-log-for-woocommerce-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optimizer/wp-optimizer-236-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-easiest-most-advanced-wordpress-plugin-for-google-maps-423-cross-site-request-forgery</loc>
<lastmod>2022-02-22T14:59:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-4518-unauthenticated-stored-cross-site-scripting-via-request_uri-in-404-logging</loc>
<lastmod>2026-06-23T16:46:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-thickbox-plus/auto-thickbox-plus-19-reflected-cross-site-scripting</loc>
<lastmod>2015-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-mailchimp-extension/contact-form-7-extension-for-mailchimp-0570-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-425-reflected-cross-site-scripting</loc>
<lastmod>2021-08-16T16:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/conquerors/conquerors-american-football-nfl-psd-template-1213-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5920-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brandfolder/brandfolder-5019-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-07-15T18:16:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stackable-ultimate-gutenberg-blocks/stackable-page-builder-gutenberg-blocks-31311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-plugin-1686-stored-cross-site-scripting</loc>
<lastmod>2022-01-12T13:42:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-464-missing-authorization-to-unauthenticated-bunny-stream-video-creationdeletion</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-extender-for-divi-builder/contact-form-extender-for-divi-submissions-db-extra-fields-106-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-filter/posts-filter-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-4831-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-log-deletion-via-id-parameter</loc>
<lastmod>2026-02-02T14:51:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tripadvisor-review-slider/wp-tripadvisor-review-slider-118-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-bbpress-tools/gd-bbpress-tools-353-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-grid/the-grid-280-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagrate-to-wordpress/intagrate-lite-137-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice-and-consent-banner/cookie-notice-amp-consent-banner-for-gdpr-amp-ccpa-compliance-1711-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/miraculous/miraculous-209-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tags-to-meta-keywords/tags-to-keywords-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21449-unauthenticated-sql-injection</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-163-unauthenticated-information-exposure</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-370-cross-site-scripting</loc>
<lastmod>2018-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-buttons/floating-social-buttons-15-cross-site-request-forgery</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-badge-management/wpc-badge-management-for-woocommerce-316-authenticated-shop-manager-stored-cross-site-scripting-via-text-attribute</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payu-india/payu-commercepro-plugin-383-unauthenticated-privilege-escalation</loc>
<lastmod>2025-01-06T16:09:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eu-vat-for-woocommerce/euuk-vat-manager-for-woocommerce-21214-reflected-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/civi/civi-job-board-freelance-marketplace-wordpress-theme-2161-authentication-bypass</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-3473-missing-authorization-to-settings-update</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goldstar/goldstar-211-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus-translate-options/wpglobus-translate-options-210-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hd-quiz-save-results-light/hd-quiz-save-results-light-05-missing-authorization</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-76-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-webmaster/wp-webmaster-824-cross-site-request-forgery</loc>
<lastmod>2013-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-511-cross-site-scripting</loc>
<lastmod>2019-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-for-wordpress-142-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videospirecore/videospirecore-theme-plugin-106-authenticated-subscriber-privilege-escalation-via-user-email-changeaccount-takeover</loc>
<lastmod>2026-02-10T21:29:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-218-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-log/wp-mail-log-112-incorrect-authorization-to-authenticated-contributor-data-viewing-and-deletion</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-for-wordpress-by-funnelkit-2143-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/candifly/candifly-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:22:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalinks-customizer/permalinks-customizer-282-cross-site-request-forgery-via-post_settings</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fish-house/fish-house-127-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-last-changes/list-last-changes-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-stripe/user-registration-stripe-1312-missing-authorization</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-backup-migration-plugin-0999-authenticated-admin-phar-deserialization</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-wpdevart-3219-authenticated-contributor-sql-injection</loc>
<lastmod>2024-12-23T21:34:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laposta-woocommerce/laposta-woocommerce-191-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-calendar-sync/vr-calendar-231-unauthenticated-remote-code-execution</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-for-woocommerce/membership-for-woocommerce-290-missing-authorization</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-category-meta/category-meta-128-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-screen-page-background-image-slideshow/full-screen-page-background-image-slideshow-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-appointment-booking/smart-appointment-booking-107-authenticated-subscriber-stored-cross-site-scripting-via-saab_save_form_data-ajax-action</loc>
<lastmod>2026-02-03T19:43:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-commissions/easy-digital-downloads-commissions-312-reflected-cross-site-scripting</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-product-feed-manager/woocommerce-google-feed-manager-220-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tinysalt/tinysalt-3100-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/formula/formula-051-reflected-cross-site-scripting-via-quality_customizer_notify_dismiss_action</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-options/wp-mail-options-023-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tournament-registration/wp-tournament-registration-130-authenticated-contributor-stored-cross-site-scripting-via-field-parameter</loc>
<lastmod>2025-08-05T13:00:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickwhale/clickwhale-link-manager-link-shortener-and-click-tracker-for-affiliate-links-link-pages-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-1239-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-slider-and-carousel-with-category/product-slider-and-carousel-with-category-for-woocommerce-271-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-1513-sensitive-information-disclosure</loc>
<lastmod>2005-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-brevo-formely-sendinblue-3177-reflected-cross-site-scripting</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-expand-tabs-free/wp-tabs-2116-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knight-lab-timelinejs/timelinejs3-370-stored-cross-site-scripting</loc>
<lastmod>2020-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-the-ultimate-woocommerce-multivendor-marketplace-solution-4219-missing-authorization-to-unauthenticated-table-rates-deletion</loc>
<lastmod>2025-04-04T16:21:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horizontal-scrolling-announcement/horizontal-scrolling-announcement-92-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/market-exporter/market-exporter-2022-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-319-authenticated-administrator-remote-code-execution</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-22814-authenticated-subscriber-exposure-of-sensitive-information-to-an-unauthorized-actor</loc>
<lastmod>2026-03-03T22:00:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trackserver/trackserver-510-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-builder/app-builder-557-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tricks/jettricks-1541-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyberus-key/cyberus-key-10-authenticated-administrator-stored-cross-site-scripting-via-uid-in-cyberkey_settings-plugin-setting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-for-wp/google-adsense-banner-ads-by-adsforwp-16-cross-site-scripting</loc>
<lastmod>2019-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goodnex/goodnex-responsive-html5css3-site-template-113-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admire-extra/admire-extra-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-simple-gallery/youtube-simple-gallery-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oliver-pos/oliver-pos-a-woocommerce-point-of-sale-pos-2423-sensitive-information-exposure-to-privilege-escalation</loc>
<lastmod>2025-02-14T19:04:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-crypto-currency-payment/multi-cryptocurrency-payments-203-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-gdpr/wordpress-gdpr-202-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-160-sql-injection</loc>
<lastmod>2019-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-455-missing-authorization</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-conversion-tracking/woocommerce-conversion-tracking-2011-missing-authorization</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1268-unauthenticated-information-exposure</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-712-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-4133-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-1241-cross-site-request-forgery-via-submitdefaulteditor</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/validated/validated-102-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-star-rating/gd-star-rating-1917-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg_zoominoutslider/lbg-zoominoutslider-544-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bepro-listings/bepro-listings-220020-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2016-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tree-website-map/tree-sitemap-pages-posts-categories-list-29-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-276-user-registration-setting-bypass-to-unauthorized-user-registration</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15121-authenticated-editor-remote-code-execution</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-2949-reflected-cross-site-scripting</loc>
<lastmod>2017-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1704-missing-authorization-to-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2026-02-17T20:23:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-view-generator/custom-post-view-generator-046-reflected-cross-site-scripting</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-before-download/terms-before-download-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1830-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T21:24:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1392-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-155-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spoki/spoki-2160-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-mcp/royal-mcp-secure-ai-connector-for-claude-chatgpt-gemini-1425-missing-authorization</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exit-intent-popups-by-optimonk/exit-popups-onsite-retargeting-by-optimonk-204-cross-site-request-forgery</loc>
<lastmod>2023-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vendor/trustedlogin-vendor-111-unauthenticated-information-disclosure</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-modifier-simple/add-custom-post-type-into-post-query-103-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/contact-form-builder-with-drag-drop-kali-forms-2327-missing-authorization-via-contact-form</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/godaddy-email-marketing-sign-up-forms/godaddy-email-marketing-114-cross-site-request-forgery</loc>
<lastmod>2016-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-syndication-toolkit-reader/content-syndication-toolkit-reader-15-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-617-missing-authorization-via-wpas_get_users</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpxmas-snow/wpxmas-snow-11-missing-authorization</loc>
<lastmod>2026-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tp-education/tp-education-44-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5205-authenticated-admin-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upc-ean-barcode-generator/upceangtin-code-generator-202-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable-registration/formidable-registration-211-authenticated-contributor-arbitrary-user-password-reset-to-account-takeover</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatsome/flatsome-3175-unauthenticated-php-object-injection</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-2088-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19952-authenticated-instructor-arbitrary-file-upload</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-restaurant-menu/quick-restaurant-menu-202-cross-site-request-forgery</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-for-woocommerce-425-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-stored-cross-site-scripting-via-comments</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-geo-maps/mapgeo-interactive-geo-maps-1627-reflected-cross-site-scripting-via-map-parameter</loc>
<lastmod>2026-05-13T17:15:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ar-vr-3d-model-try-on/3d-viewer-201-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-modification-via-settings-rest-endpoint</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popupally/popupally-211-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/health-check/health-check-troubleshooting-123-cross-site-request-forgery</loc>
<lastmod>2019-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-survey/perfect-survey-151-unauthenticated-sql-injection</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support-pro/wp-live-chat-support-pro-8006-remote-code-execution-via-unrestricted-file-upload</loc>
<lastmod>2019-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-inventory-manager/plaininventory-319-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms/piotnet-forms-1030-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-700-arbitrary-file-upload</loc>
<lastmod>2020-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mon/wp-mon-051-arbitrary-file-download</loc>
<lastmod>2015-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-catalog-enquiry/wc-catalog-enquiry-305-arbitrary-file-upload</loc>
<lastmod>2017-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dejureorg-vernetzungsfunktion/dejureorg-vernetzungsfunktion-1975-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:17:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-1684-server-side-request-forgery</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-3110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-community/fluentcommunity-1215-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webappick-pdf-invoice-for-woocommerce/challan-3758-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-login-redirect/custom-login-redirect-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/book-a-room/book-a-room-29-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-02-11T21:10:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp-chat/wp-social-chat-click-to-chat-app-604-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artplacer-widget/artplacer-widget-2206-authenticated-editor-sql-injection</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-gravityforms-blacklist/bsk-forms-blacklist-39-cross-site-request-forgery</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-url-shorter/custom-url-shortener-036-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19952-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worker/managewp-worker-4931-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7111-missing-authorization</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/per-page-add-to/per-page-add-to-head-143-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/row-seats/row-seats-core-268-php-object-injection</loc>
<lastmod>2017-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drop-in-image-slideshow-gallery/drop-in-image-slideshow-gallery-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-addons-for-elementor/elementor-ai-addons-70-widgets-premium-templates-ultimate-elements-221-authenticated-contributor-private-templates-content-disclosure</loc>
<lastmod>2025-01-06T16:08:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-594-authenticated-contributor-stored-cross-site-scritping</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-pro-499-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sikshya/learning-management-system-elearning-course-builder-wordpress-lms-plugin-sikshya-lms-0021-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2024-12-16T21:00:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limb-gallery/wordpress-gallery-plugin-limb-image-gallery-157-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-let-loose-mp3-audio-player/mll-audio-player-mp3-ajax-07-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-132-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-auction/ultimate-wordpress-auction-plugin-101-cross-site-request-forgery</loc>
<lastmod>2013-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Divi/divi-4202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-subscriptions/woocommerce-subscriptions-580-missing-authorization</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-compare/wpc-smart-compare-for-woocommerce-647-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgall-for-woocommerce/-556-unauthenticated-sql-injection</loc>
<lastmod>2026-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spin-wheel/spin-wheel-210-unauthenticated-client-side-prize-manipulation-via-prize_index-parameter</loc>
<lastmod>2026-01-16T18:09:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2214-authenticated-studentparent-sql-injection</loc>
<lastmod>2025-01-06T16:09:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zapier/zapier-for-wordpress-152-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-templates/slider-templates-103-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-download-info/edd-download-info-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-06T20:33:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-2062-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rest-api-authentication/wordpress-rest-api-authentication-363-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1322-authenticated-admin-stored-cross-site-scripting-via-facebook-app-id</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/appointment-booking-and-online-scheduling-442-missing-authorization-to-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T12:35:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shareyourcart/shareyourcart-171-sensitive-information-disclosure</loc>
<lastmod>2012-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-gallery/wordpress-video-gallery-27-sql-injection</loc>
<lastmod>2015-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chameleon-css/chameleon-css-12-cross-site-request-forgery</loc>
<lastmod>2021-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/persuasion/persuasion-24-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pagebuilder/wp-page-builder-123-multiple-stored-cross-site-scripting</loc>
<lastmod>2021-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-checkout-getnet/plugin-oficial-getnet-para-woocommerce-180-reflected-cross-site-scripting</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-memberships-groups-and-communities-583-missing-authorization</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickwhale/clickwhale-243-cross-site-request-forgery</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userheat/userheat-plugin-1110-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-190-blind-server-side-request-forgery-via-treephp</loc>
<lastmod>2020-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-550-unauthenticated-stored-cross-site-scripting-via-booking_form_page_url-parameter</loc>
<lastmod>2026-05-05T18:41:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hillter/hillter-307-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopperapproved-reviews/shopper-approved-reviews-20-21-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-04-01T20:28:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-2828-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-cross-site-request-forgery-to-profile-deletion</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-and-replace-content/find-and-replace-content-for-wordpress-11-missing-authorization-to-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T20:02:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-tables-for-wpbakery-page-builder/pricing-tables-for-wpbakery-page-builder-formerly-visual-composer-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/google-calendar-events-327-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5194-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-09-29T16:24:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2050-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-04T19:06:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/overstock-affiliate-links/overstock-affiliate-links-11-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-19T15:07:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-copy-protector/wp-copy-protection-no-right-click-314-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mmm-file-list/mmm-simple-file-list-23-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universam-demo/universam-87234-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flipping-cards/flipping-cards-130-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-page-builder-lite-554-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sri/subresource-integrity-sri-manager-040-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-file-size/media-library-file-size-167-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surferseo/surfer-132357-missing-authorization</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-2100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photonav/wp-photonav-122-authenticated-contributor-stored-cross-site-scripting-via-photonav-shortcode</loc>
<lastmod>2025-06-25T13:51:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zigaform-form-builder-lite/zigaform-form-builder-lite-742-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-counter/social-counter-205-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-responsive-multi-purpose-theme-484-reflected-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-kit-elementor-addons/news-kit-elementor-addons-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-224-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-609-authentication-bypass-to-admin</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lgpd-compliant-cookie-banner/illow-cookies-consent-020-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-353-missing-authorization-to-unauthenticated-form-generation</loc>
<lastmod>2025-12-15T18:47:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-xml-feed/import-xml-and-rss-feeds-214-unauthenticated-remote-code-execution</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-permalinks-cascade/the-permalinks-cascade-22-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2025-11-17T20:12:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/risk-free-cash-on-delivery-cod-woocommerce/risk-free-cash-on-delivery-cod-woocommerce-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forumwp/forumwp-214-missing-authorization</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-from-frontend/post-from-frontend-100-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-fomo-live-sales-notification-woocommerce-sales-popup-gdpr-social-proof-announcement-banner-floating-notification-bar-321-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2631-authenticated-project-manager-sql-injection</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus/wpglobus-multilingual-everything-196-cross-site-scripting-via-wpglobus_optionbrowser_redirectredirect_by_language</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-comments-extension/mainwp-comments-extension-406-missing-authorization</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pure-css-circle-progress-bar/pure-css-circle-progress-bar-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-post-generator-echo/echo-rss-feed-post-generator-546-unauthenticated-privilege-escalation</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager-resumes/wp-job-manager-resume-manager-210-cross-site-request-forgery</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-css3-related-posts-widget/related-posts-widget-with-thumbnails-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-for-geodirectory/events-calendar-for-geodirectory-2314-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-builder-ays/faq-builder-ays-135-blind-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nari-accountant/nari-accountant-1012-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:32:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/signup-signin/signup-signin-100-unauthenticated-privilege-escalation-via-weak-password-reset-validation-via-reset_activation_code-leading-to-account-takeover</loc>
<lastmod>2026-06-23T16:37:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncode-core/uncode-core-2916-authenticated-subscriber-arbitrary-shortcode-execution-in-uncode_get_medias</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-rating-system/gd-rating-system-350-unauthenticated-stored-cross-site-scripting-via-ip</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drop-shadow-boxes/drop-shadow-boxes-1713-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leopard-wordpress-offload-media/leopard-311-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-716-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flower-delivery-by-florist-one/flower-delivery-by-florist-one-358-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-351-denial-of-service-via-wp-postpass-cookie</loc>
<lastmod>2013-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/wp-delicious-187-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-add-on/contact-form-7-paypal-stripe-add-on-193-cross-site-request-forgery</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-271-authenticated-admin-path-traversal</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bazinga/bazinga-119-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-1100-authenticated-editor-sql-injection</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-blocks/newspack-blocks-308-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-320-reflected-cross-site-scripting-via-filtertype</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upi-qr-code-payment-for-woocommerce/upi-qr-code-payment-gateway-for-woocommerce-151-missing-authorization</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-click-login-as-user/login-as-user-103-authenticated-subscriber-privilege-escalation-via-oclaup_original_admin-cookie</loc>
<lastmod>2026-04-14T19:44:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hmh-footer-builder-for-elementor/hmh-footer-builder-for-elementor-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-editor/table-editor-164-cross-site-request-forgery</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup4phone/popup4phone-132-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-post-view-counter/kento-post-view-counter-28-cross-site-request-forgery</loc>
<lastmod>2016-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-starter-sites/athemes-starter-sites-1053-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-07-26T21:43:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appsero-helper/appsero-helper-132-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aa-audio-player/aa-audio-player-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-scroll-to-id/page-scroll-to-id-178-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rollback/rollback-123-cross-site-request-forgery</loc>
<lastmod>2015-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-social-sharing-icons-11112-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-31118-insufficient-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-google-sheets-connector/cf7-google-sheets-connector-509-missing-authorization-to-limited-site-configuration-update</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-profile/five-star-business-profile-and-schema-216-subscriber-page-creation-settings-update-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publish-2-pingfm/publish-2-pingfm-11-cross-site-request-forgery-to-stored-cross-site-scripting-via-wppingpingkey-parameter</loc>
<lastmod>2026-05-04T14:07:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spice-post-slider/carousel-recent-post-slider-and-banner-slider-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance/maintenance-402-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadcenter/wp-adcenter-260-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-box/popup-box-212-authenticated-local-file-inclusion</loc>
<lastmod>2022-05-17T11:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-20503-reflected-cross-site-scripting</loc>
<lastmod>2017-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/any-news-ticker/any-news-ticker-311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:27:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-01082-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/easy-drag-and-drop-all-import-wp-ultimate-csv-importer-56-cross-site-request-forgery</loc>
<lastmod>2019-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saasplate-core/saasplate-core-128-unauthenticated-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-booking/fluent-booking-the-ultimate-appointments-scheduling-events-booking-events-calendar-solution-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-booking-and-rentals-wordpress-theme-244-missing-authorization-to-authenticated-subscriber-arbitrary-reservation-post-deletion</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slide-categorywise/wp-slide-categorywise-11-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ycyclista/ycyclista-123-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protect-page/ppwp-wordpress-password-protect-page-185-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcasa/wpcasa-141-unauthenticated-code-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tournamatch/wordpress-plugin-tournamatch-461-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiny-bootstrap-elements-light/tiny-bootstrap-elements-light-4334-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-29T15:27:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dw-promobar/dw-promobar-104-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/woolentor-253-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-lite-membership-plugin-4016-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-invitation-codes/cm-registration-tailored-tool-for-seamless-login-and-invitation-based-registrations-256-open-redirect</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-373-sensitive-information-exposure</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ablocks/ablocks-wordpress-gutenberg-blocks-240-missing-authorization-to-authenticated-subscriber-settings-modification</loc>
<lastmod>2026-01-06T19:05:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/beauty/beauty-114-authenticated-subscriber-stored-cross-site-scripting-via-tpl_featured_cat_id-parameter</loc>
<lastmod>2024-09-12T21:28:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-takeover/page-takeover-116-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atomchat/atomchat-115-authenticated-contributor-stored-cross-site-scripting-via-atomchat-shortcode</loc>
<lastmod>2024-10-31T20:30:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2145-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-backup-to-dropbox/wordpress-backup-to-dropbox-41-reflected-cross-site-scripting</loc>
<lastmod>2014-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graceful-email-obfuscation/graceful-email-obfuscation-022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wish-list-for-woocommerce/wishlist-for-woocommerce-multi-wishlists-per-customer-317-cross-site-request-forgery-to-cross-site-scriping-via-wishlist-name</loc>
<lastmod>2025-03-07T14:14:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mortgage-loan-calculator/mortgage-calculator-loan-calculator-1517-cross-site-scripting</loc>
<lastmod>2021-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourmaster/tourmaster-538-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autolinks/autolinks-101-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-login-and-registration-modal-popup/ajax-login-and-registration-modal-popup-inline-form-224-reflected-cross-site-scripting</loc>
<lastmod>2024-11-12T13:26:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppopupmagic/wp-popup-magic-100-authenticated-contributor-stored-cross-site-scripting-via-name-shortcode-attribute</loc>
<lastmod>2026-01-08T21:19:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-submissions/cf7-submissions-026-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-gallery/file-gallery-1853-authenticated-contributor-stored-cross-site-scripting-via-file_gallery_shortcode</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thrive-apprentice/thrive-apprentice-108102-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tplayer-html5-audio-player-with-playlist/tplayer-1216-unauthenticated-sql-injection</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stax-addons-for-elementor/elementor-addons-widgets-and-enhancements-stax-143-cross-site-request-forgery-via-toggle_widget</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-coming-soon/easy-coming-soon-182-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-location-google-map/multiple-location-google-map-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webo-facto-connector/webo-facto-140-unauthenticated-privilege-escalation</loc>
<lastmod>2024-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pressference-exporter/pressference-exporter-103-authenticated-administrator-sql-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-2145-missing-authorization-in-multiple-functions</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smiley/wp-smiley-141-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtouch-quiz/mtouch-quiz-312-reflected-cross-site-scripting</loc>
<lastmod>2015-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-130-cross-site-request-forgery-via-wptodo_settings</loc>
<lastmod>2024-05-29T15:53:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-to-buffer/wordpress-to-buffer-381-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-custom-fields/delete-custom-fields-031-cross-site-request-forgery-to-post-meta-deletion</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder-block/popupkit-220-missing-authorization-to-sensitive-information-disclosure-and-data-deletion</loc>
<lastmod>2026-02-09T20:31:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-open-close/open-close-woocommerce-store-495-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breaking-news-ticker/breaking-news-ticker-244-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-bulb-finder-for-wp-wc/auto-bulb-finder-for-wordpress-280-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T21:29:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-taxonomy-images/easy-taxonomy-images-101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/honeypot-for-wp-comment/honeypot-for-wp-comment-223-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flo-forms/flo-forms-1043-missing-authorization</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-team-members/gs-team-members-223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-55-authenticated-contributor-stored-cross-site-scripting-via-sonaar_audioplayer-shortcode</loc>
<lastmod>2024-07-09T19:09:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olimometer/olimometer-257-sql-injection</loc>
<lastmod>2016-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-urls/export-all-urls-41-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2022-05-27T12:58:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2675-reflected-cross-site-scripting</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-rating-system/gd-rating-system-23-cross-site-scripting</loc>
<lastmod>2018-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-451-missing-authorization</loc>
<lastmod>2022-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-3111-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/ip2location-country-blocker-2265-arbitrary-country-ban-via-cross-site-request-forgery</loc>
<lastmod>2022-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-wordpress-plugin-for-countdown-timer-counter-12-sql-injection</loc>
<lastmod>2022-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-455-exposure-of-private-personal-information-to-an-unauthorized-actor</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-roadmap/wp-roadmap-213-authenticated-contributor-sql-injection</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-currency-switcher-for-woocommerce-professional-free-137-authenticated-local-file-inclusion</loc>
<lastmod>2021-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-bulk-edit/astra-bulk-edit-1210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imember360/imember360-38012-39001-cross-site-request-forgery</loc>
<lastmod>2014-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-featured-images/category-featured-images-118-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verse-o-matic/verse-o-matic-411-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-714-sql-injection</loc>
<lastmod>2016-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-consent-for-developers/cookie-consent-for-developers-171-authenticated-administrator-stored-cross-site-scripting-via-multiple-settings-fields</loc>
<lastmod>2026-01-23T19:20:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-143-missing-authorization-to-authenticated-contributor-settings-update</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-sentinel/wordpress-sentinel-101-sql-injection</loc>
<lastmod>2011-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filr-protection/filr-secure-document-library-1211-authenticated-administrator-stored-cross-site-scripting-via-html-upload</loc>
<lastmod>2026-01-16T14:11:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-v1022-unauthenticated-information-exposure</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-calendar/wp-calendar-153-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe/iframe-50-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-writing-statistics/just-writing-statistics-53-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/platform/platform-144-missing-authorization-to-unauthenticated-arbitrary-options-update</loc>
<lastmod>2015-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-pro-470-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-05-27T16:26:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfmatters/perfmatters-259-authenticated-subscriber-arbitrary-file-overwrite-via-snippets-parameter</loc>
<lastmod>2026-04-09T11:55:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-hover-footnotes/jquery-hover-footnotes-14-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-06-08T15:07:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-246-cross-site-scripting</loc>
<lastmod>2019-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-126-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devnex-addons-for-elementor/devnex-addons-for-elementor-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-866-unauthenticated-open-redirect</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/more-featured-images/more-featured-images-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliced-invoices/sliced-invoices-392-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-331-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rbxgallery/rbx-gallery-31-arbitrary-file-upload</loc>
<lastmod>2012-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-notification-for-telegram/order-notification-for-telegram-101-missing-authorization-to-unauthenticated-send-telegram-test-message</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertplug/convertplus-344-unauthorized-account-creation</loc>
<lastmod>2019-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/old-posts-highlighter/old-posts-highlighter-103-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-05-26T17:20:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-health-check/sitealert-formerly-wp-health-197-cross-site-request-forgery</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/easy-accept-payments-for-paypal-499-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0941-arbitrary-file-upload</loc>
<lastmod>2016-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-250-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-post-with-other-site/sync-post-with-other-site-151-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-526-missing-authorization-to-booking-details-exposure</loc>
<lastmod>2026-02-11T13:37:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-builder/wdcontactformbuilder-1068-cross-site-request-forgery</loc>
<lastmod>2019-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-340-authenticated-subscriber-html-injection</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-3519-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-tree/ts-tree-011-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manual-image-crop/manual-image-crop-110-reflected-cross-site-scripting</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/wp-ultimate-review-203-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blog/jetblog-248-unauthenticated-information-exposure</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kbucket/kbucket-422-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-slider/b-slider-gutenberg-slider-block-for-wp-200-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-08-14T13:59:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-admanager/ad-manager-112-open-redirection</loc>
<lastmod>2014-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-1110-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/doctreat/doctreat-167-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-311-missing-authorization-to-authenticated-subscriber-arbitrary-setting-modification</loc>
<lastmod>2026-04-16T18:16:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cluevo-lms/cluevo-e-learning-platform-180-authenticated-cross-site-scripting</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-pro/ajax-search-pro-4261-reflected-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-add/landing-page-builder-1515-open-redirect</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/id-arrays/id-arrays-212-reflected-cross-site-scripting</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-menu-block/sticky-content-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobwp/jobwp-240-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nps-computy/nps-computy-275-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acymailing/acymailing-smtp-newsletter-750-open-redirect</loc>
<lastmod>2021-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publishpress/publishpress-editorial-calendar-workflow-comments-notifications-and-statuses-350-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-notification-bar/global-notification-bar-101-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wip-woocarousel-lite/wip-woocarousel-lite-117-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-395-unauthenticated-php-object-injection</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-responsive-news-tickers-sliders-and-lists-3142-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-2112-local-file-inclusion</loc>
<lastmod>2016-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-ajax_delete_snapshot</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buymeacoffee/buy-me-a-coffee-button-and-widget-plugin-37-missing-authorization</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/camoo-sms/camoo-sms-301-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-1275-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-accelerated-mobile-pages-1092-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-124-cross-site-request-forgery-to-plugin-language-translation-update</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-932-unauthenticated-sql-injection</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-640-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickdesigns/clickdesigns-180-missing-authorization-to-api-key-modification-or-removal</loc>
<lastmod>2025-01-06T15:06:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-316-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forum/wp-forum-174-remote-sql-injection</loc>
<lastmod>2008-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-invoice/easy-invoice-invoice-generator-pdf-quotes-payments-2119-unauthenticated-remote-code-execution</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youforms-free-for-copecart/youforms-for-wordpress-creating-forms-for-copecart-105-stored-cross-site-scripting</loc>
<lastmod>2021-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adserve/adserve-03-sql-injection</loc>
<lastmod>2008-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/template-events-calendar/events-shortcodes-templates-for-the-events-calendar-231-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-301-php-object-injection</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/experto-cta-widget/experto-cta-widget-call-to-action-sticky-cta-floating-button-plugin-111-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycbgenie-clickbank-storefront/clickbank-storefront-wordpress-plugin-17-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-wpdevart-extended/countdown-and-countup-woocommerce-sales-timer-182-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-google/search-by-google-19-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-98501-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertcalculator/convertcalculator-for-wordpress-111-authenticated-contributor-stored-cross-site-scripting-via-id-and-type-parameter</loc>
<lastmod>2024-11-15T15:03:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yoo-slider/yoo-slider-plugin-200-stored-cross-site-scripting</loc>
<lastmod>2022-03-21T21:28:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wwc-amz-aff/woocommerce-amazon-affiliates-90216-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2015-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3-buttons/css3-buttons-01-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-05T17:37:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go-to-top/go-to-top-008-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team/team-showcase-12228-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optio-dentistry/optio-dentistry-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T14:06:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sf-booking/service-finder-bookings-60-authentication-bypass-via-user-switch-cookie</loc>
<lastmod>2025-07-31T14:59:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-404-auto-redirect-to-similar-post/wp-404-auto-redirect-105-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2026-02-17T16:29:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motta-addons/motta-addons-161-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disqus-comment-system/disqus-comment-system-276-reflected-cross-site-scripting</loc>
<lastmod>2014-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-11150-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel-slider-for-elementor/post-carousel-slider-for-elementor-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log-pro/user-activity-log-pro-234-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olalaweb-mailchimp-campaign-manager/mailchimp-campaigns-324-missing-authorization-to-authenticated-subscriber-mailchimp-app-disconnection</loc>
<lastmod>2026-02-13T18:28:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripetto/wordpress-form-builder-plugin-for-contact-forms-surveys-and-quizzes-tripetto-806-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-design-icons-for-elementor/material-design-icons-for-page-builders-142-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-force-ssl/wp-force-ssl-https-ssl-redirect-166-missing-authorization-to-settings-update</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-774-missing-authorization-via-ajax</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-footnotes/modern-footnotes-1416-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-liveblog/twitter-liveblog-112-cross-site-request-forgery</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/enjoy-social-feed-622-missing-authorization</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-mylist/gd-mylist-111-stored-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-registration/simple-user-registration-63-unauthenticated-privilege-escalation</loc>
<lastmod>2025-06-25T13:47:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-media/external-media-1035-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-420-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anywhere-elementor/anywhere-elementor-1211-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minterpress/minterpress-105-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-business-directory/cm-business-directory-optimise-and-showcase-local-business-153-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2162-authenticated-contributor-stored-cross-site-scripting-via-team-widget</loc>
<lastmod>2024-12-02T16:32:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vixus/vixus-business-startup-elementor-template-kit-1016-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rng-refresh/rng-refresh-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glossary-by-codeat/glossary-2127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aqualots/aqualots-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-contact-form-integration-for-elementor/eleforms-all-in-one-form-integration-including-db-for-elementor-2999-cross-site-request-forgery</loc>
<lastmod>2024-11-15T15:10:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tpg-get-posts/tpg-get-posts-365-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-16T10:45:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-coming-soon-maintenance-countdown-clock-2891-unauthenticated-limited-local-file-inclusion</loc>
<lastmod>2025-04-03T16:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wolfnet-idx-for-wordpress/wolfnet-idx-for-wordpress-1191-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pictpress/pictpress-091-directory-traversal</loc>
<lastmod>2007-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rename-media-files/rename-media-files-101-authenticated-contributor-remote-code-execution</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmlt-meeting-map/bmlt-meeting-map-260-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook/real3d-flipbook-10-reflected-cross-site-scripting</loc>
<lastmod>2016-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weather-atlas/weather-atlas-widget-121-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-404-unauthorized-post-meta-creationmodification</loc>
<lastmod>2020-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-video-embed/wonder-video-embed-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-star-rating-with-font-awersome/contact-form-7-star-rating-with-font-awesome-13-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-unishippers-edition/small-package-quotes-unishippers-edition-248-unauthenticated-sql-injection</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscription-with-secure-captcha/easy-email-subscription-13-authenticated-admin-sql-injection-via-uid</loc>
<lastmod>2025-11-05T14:24:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-blocks-pro/easy-blocks-pro-1021-missing-authorization</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-remote-thumbnail/wp-remote-thumbnail-132-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-424-cross-site-scripting-in-theme-preview</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-590-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockspare/gutenberg-page-builder-blocks-ready-made-patterns-library-324-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pearl-header-builder/wordpress-header-builder-plugin-pearl-136-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pawfriends/pawfriends-pet-shop-and-veterinary-wordpress-13-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0849-sql-injection</loc>
<lastmod>2015-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-menu-settings-update</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-360-362-missing-authorization-to-remote-code-execution</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sv100-companion/sv100-companion-2002-missing-authorization-to-unuathenticated-arbitrary-options-update</loc>
<lastmod>2024-12-05T19:32:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockons/blockons-1215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_AI/ultimateai-283-authentication-bypass</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-312-incorrect-authorization-for-contributor-level-users</loc>
<lastmod>2011-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-5111-cross-site-request-forgery-to-arbitrary-payment-history-update</loc>
<lastmod>2021-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-invoice/wp-invoice-web-invoice-and-billing-431-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ooohboi-steroids-for-elementor/ooohboi-steroids-for-elementor-213-missing-authorization-leading-to-authenticated-subscriber-attachment-deletion</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-140-missing-authorization-to-authenticated-subscriber-db-cleanup-actions</loc>
<lastmod>2025-11-26T21:34:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-live-automated-evergreen-webinar-system-also-for-woocommerce-408253-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blrt-wp-embed/blrt-wp-embed-169-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-poster/fs-poster-658-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ostende/ostende-143-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/typekit/typekit-plugin-for-wordpress-123-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vcaching/varnishnginx-proxy-caching-183-unauthenticated-information-exposure</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-airbnb-review-slider/wp-airbnb-review-slider-32-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-327-cross-site-request-forgery-to-local-file-inclusion</loc>
<lastmod>2024-07-03T23:23:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revi-io-customer-and-product-reviews/reviio-573-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-shortcode/custom-content-shortcode-402-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-3925-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Premium_Gallery_Manager/premium-gallery-manager-unknown-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codup-read-only-admin/codup-read-only-admin-1117-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onetone/onetone-306-onetone-companion-111-stored-cross-site-scripting</loc>
<lastmod>2020-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-772-reflected-cross-site-scripting</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-categories/wp-hide-categories-10-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/riode/riode-multi-purpose-woocommerce-1623-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybb-last-topics/mybb-last-topics-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepen-embedded-pen-shortcode/codepen-embedded-pens-shortcode-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backupwordpress/backupwordpress-313-authenticated-admin-directory-traversal</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-42185-authenticated-admin-php-object-injection</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-express/webp-express-0259-unauthenticated-information-exposure</loc>
<lastmod>2025-12-03T15:48:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mooberry-book-manager/mooberry-book-manager-41512-unauthenticated-information-exposure-via-export-files</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-code/quick-code-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-syntax/wp-syntax-12-authenticated-author-regex-denial-of-service</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-designer/product-designer-1032-unauthenticated-php-object-injection</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2110-authenticated-contributor-stored-cross-site-scripting-via-blocksy_newsletter_subscribe-shortcode</loc>
<lastmod>2025-09-16T17:33:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-profile-avatar/wp-user-profile-avatar-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-store/music-store-wordpress-ecommerce-1015-open-redirect</loc>
<lastmod>2015-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powr-pack/powr-210-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waitlist-woocommerce/waitlist-woocommerce-back-in-stock-notifier-275-reflected-cross-site-scripting</loc>
<lastmod>2024-09-13T14:49:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-and-ws-form-pro-18176-stored-cross-site-scripting</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-lite-352-authenticated-contributor-stored-cross-site-scripting-via-image-comparison-widget</loc>
<lastmod>2025-06-18T15:03:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-invoices-packing-slip-labels-for-woocommerce/woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-471-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rock-convert/rock-convert-2110-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveltour/travel-tour-524-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/multiple-elfinder-plugins-various-versions-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5942-insecure-direct-object-reference-to-authenticated-subscriber-private-messages-disclosure</loc>
<lastmod>2025-02-17T13:45:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders/folders-unlimited-folders-to-organize-media-library-folder-pages-posts-file-manager-303-authenticated-contributor-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-08-05T22:52:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-61512-6162-unauthenticated-sql-injection</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unite-gallery-lite/unite-gallery-lite-15-sql-injection</loc>
<lastmod>2015-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-274-reflected-cross-site-scripting</loc>
<lastmod>2021-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-quiz/wp-adv-quiz-102-authenticated-admin-stored-cross-site-scripting-via-quiz-question-and-message</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-copilot-content-generator/ai-chatbot-workflow-automation-by-aiwu-1417-unauthenticated-privilege-escalation</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awcode-toolkit/awcode-toolkit-1014-reflected-cross-site-scripting</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surbma-infusionsoft-shortcode/surbma-infusionsoft-shortcode-201-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-26T17:50:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpert-tab/xpert-tab-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-617-unauthenticated-insecure-direct-object-reference-to-payment-status-tampering-via-submission_id</loc>
<lastmod>2025-12-05T18:10:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popover-windows/popover-windows-12-cross-site-request-forgery-to-arbitrary-popover-configuration-update</loc>
<lastmod>2025-12-12T16:09:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-427-unauthenticated-sql-injection-via-c_fields</loc>
<lastmod>2024-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woostagram-connect/woostagram-connect-102-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-keyword-monitor/wp-keyword-monitor-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sabre/sabre-122-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-3792-php-object-injection</loc>
<lastmod>2017-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-tables/justtables-woocommerce-product-table-149-cross-site-request-forgery-via-plugin_activation</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-post-content-shortcode/get-post-content-shortcode-04-insecure-direct-object-reference-to-authenticated-contributor-sensitive-information-disclosure-via-post_content-shortcode</loc>
<lastmod>2024-12-13T15:54:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-for-sports-team-league-football-hockey-more-577-unauthenticated-sql-injection</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-woo-dynamic-pricing/dynamic-pricing-with-discount-rules-for-woocommerce-458-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snow-storm/snow-storm-146-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thrive-ab-page-testing/multiple-thrive-themes-and-plugins-various-versions-arbitrary-options-update</loc>
<lastmod>2021-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wux-blog-editor/wux-blog-editor-300-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minhnhut-link-gateway/minhnhut-link-gateway-361-reflected-cross-site-scripting-via-url-parameter</loc>
<lastmod>2026-05-26T20:48:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/setsail-membership/setsail-membership-103-authentication-bypass-via-account-takeover</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotbot/spotbot-018-reflected-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3311-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-0112-cross-site-request-forgery-to-smtp-settings-update</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-feed-to-post-autoblogging-news-youtube-video-feeds-aggregator-432-missing-authorization</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a4-barcode-generator/print-labels-with-barcodes-create-price-tags-product-labels-order-labels-for-woocommerce-346-authenticatedsubscriber-stored-cross-site-scripting-via-templates</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitch-tv-embed-suite/twitch-tv-embed-suite-210-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-pickup-store/wc-pickup-store-189-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-theme-core/jetthemecore-for-elementor-220-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-1711-authenticated-contributor-stored-cross-site-scripting-via-show_products-shortcode</loc>
<lastmod>2025-02-27T18:52:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opening-hours/were-open-145-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-for-paypal/checkout-for-paypal-1032-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videojs-hls-player/videojs-hls-player-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-854-reflected-cross-site-scripting-via-discount-editing</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pearl-header-builder/wordpress-header-builder-plugin-pearl-137-missing-authorization-to-unauthenticated-arbitrary-site-options-deletion</loc>
<lastmod>2024-06-11T20:05:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-document-embedder/google-doc-embedder-2518-cross-site-scripting</loc>
<lastmod>2015-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-add/landing-page-builder-1512-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-312-cross-site-request-forgery-via-rpress_orders_list_table_process_bulk_actions</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bought-together/wpc-frequently-bought-together-for-woocommerce-703-missing-authorization</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bello/bello-directory-listing-160-cross-site-scripting</loc>
<lastmod>2021-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-facebook-comments/wp-social-comments-172-missing-authorization-to-authenticated-subscriber-settings-change</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microsoft-clarity/microsoft-clarity-093-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-for-woocommerce-386-authenticated-administrator-stored-cross-site-scripting-via-mep_get_option-function</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-531-arbitrary-file-upload-via-bypass</loc>
<lastmod>2020-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-sendle-shipping-method/sendle-shipping-602-missing-authorization</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_scraper/wordpress-woocommerce-scraper-plugin-import-data-from-any-website-107-unauthenticated-arbitrary-file-download</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandon-cart-pro/abandoned-cart-pro-for-woocommerce-1040-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-gutenberg-blocks-for-post-grid-323-incorrect-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmozo-addons-lite-for-elementor/wpmozo-addons-lite-for-elementor-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopsite-plugin/shopsite-1510-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T20:46:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-191-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fana/fana-1135-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-page-builder-features-342-authenticated-contributor-stored-cross-site-scripting-via-button-link</loc>
<lastmod>2025-01-10T14:30:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-delete/bulk-delete-553-missing-authorization</loc>
<lastmod>2016-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversios-707-authenticated-subscriber-sql-injection-via-ee_syncproductcategory</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-231-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kama-thumbnail/kama-thumbnail-351-cross-site-request-forgery</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-tables-in-wordpress-made-easy-331-reflected-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmarker-1145-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-687-reflected-cross-site-scripting</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anytrack-affiliate-link-manager/anytrack-affiliate-link-manager-155-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/stockholm/stockholm-96-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-saml-20-single-sign-on/saml-sp-single-sign-on-504-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-push-notifications/ultimate-push-notifications-118-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-addon-for-elementor/events-addon-for-elementor-229-authenticated-contributor-stored-cross-site-scripting-via-typewriter-and-countdown-widgets</loc>
<lastmod>2025-08-28T19:53:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-elementor-addons-1417-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1728-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syncee-for-suppliers/syncee-for-suppliers-105-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-341-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/vform-305-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knr-author-list-widget/axact-author-list-widget-300-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-125-authorization-bypass</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translate-this-google-translate-web-element-shortcode/translate-this-gtranslate-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemagick-engine/imagemagick-engine-1710-authenticated-administrator-remote-code-execution</loc>
<lastmod>2024-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-395-unauthenticated-privilege-escalation-via-arbitrary-password-reset</loc>
<lastmod>2026-06-30T19:08:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optimize/wp-optimize-3211-cross-site-request-forgery</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/label-grid-tools/labelgrid-tools-1358-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-url-to-featured-image/add-featured-image-custom-link-200-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/like-dislike-plus-counter/like-dislike-plus-counter-like-dislike-buttons-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-bookings-wp/getbookingswp-1127-missing-authorization</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/good-url-preview-box/url-preview-box-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-196-missing-authorization</loc>
<lastmod>2017-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/bp-better-messages-19937-reflected-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ali2woo-lite/aliexpress-dropshipping-with-alinext-lite-335-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-06-18T14:28:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3112-authenticatedcontributor-improper-authorization-to-views-modification</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus/wpglobus-multilingual-everything-196-cross-site-scripting-via-wpglobus_optionpost_typepage</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chartify-317-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-expander/video-expander-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-folio/simple-folio-111-authenticated-contributor-stored-cross-site-scripting-via-client-name-and-link-meta-fields</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/os-datahub-maps/os-datahub-maps-183-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2026-02-02T18:50:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-images/slider-carousel-responsive-image-slider-150-missing-authorization</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-portal/client-portal-118-cross-site-request-forgery-via-cp_create_private_pages_for_all_users</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-view-google-calendar/list-view-google-calendar-743-authenticated-administrator-stored-cross-site-scripting-via-event-description</loc>
<lastmod>2026-04-14T11:14:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/wordpress-meta-data-and-taxonomies-filter-mdtf-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixel-formbuilder/pixel-wordpress-form-builderplugin-autoresponder-102-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-page-spider/admin-page-spider-331-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attesa-extra/attesa-extra-139-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/feedzy-rss-feeds-lite-510-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tempera/tempera-182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2119-reflected-cross-site-scripting</loc>
<lastmod>2021-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linked-variation/advanced-linked-variations-for-woocommerce-103-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5163-unauthenticated-authorization-bypass</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-engage/fusion-engage-105-local-file-inclusion</loc>
<lastmod>2015-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yml-for-yandex-market/yml-for-yandex-market-423-reflected-cross-site-scripting</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-carticon/wp-carticon-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:28:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5470-reflected-cross-site-scripting-via-s</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-4110-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/single-property/single-property-28-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-slider-block/content-slider-block-create-fully-functional-slider-with-gutenberg-block-315-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-1040-missing-authorization</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-white-label-wordpress-3481-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-share-block/simple-social-share-block-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hreflang-manager-lite/hreflang-manager-106-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-user-avatar/one-user-avatar-236-cross-site-request-forgery</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-34271-stored-cross-site-scripting</loc>
<lastmod>2020-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-limit-login-attempts/limit-login-attempts-404-stored-cross-site-scripting</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awin-data-feed/awin-data-feed-17-reflected-cross-site-scripting</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wm-zoom/wm-zoom-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5984-missing-authorization-to-authenticated-subscriber-arbitrary-group-joining</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-baby-smtp/mail-baby-smtp-28-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otpless/otp-less-one-tap-sign-in-2058-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-create-countdown-coupon-video-contact-form-popups-497-missing-authorization-to-unauthenticated-limited-options-update</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_clone_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/convex/convex-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snap-pixel/snap-pixel-157-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zarinpal-paid-downloads/zarinpal-paid-downloads-23-reflected-cross-site-scripting</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tp-gallery-slider/tp-gallery-slider-12-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kathmag/multiple-sparklewpthemes-themes-various-versions-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-414-reflected-cross-site-scripting</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cornerstone/cornerstone-788-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-840-missing-authorization</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker-seo/broken-link-checker-126-authenticated-author-sql-injection</loc>
<lastmod>2025-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remoji/remoji-postcomment-reaction-and-enhancement-22-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2311-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmastertoolkit/wpmastertoolkit-wpmtk-all-in-one-plugin-252-authenticated-administrator-to-arbitrary-file-read-and-write</loc>
<lastmod>2025-04-23T19:54:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-497-authenticated-arbitrary-file-deletion</loc>
<lastmod>2018-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ical-availability/wp-ical-availability-103-missing-authorization</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popular-posts/wordpress-popular-posts-710-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-01-03T10:02:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polylang/polylang-151-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addonify-quick-view/addonify-quick-view-for-woocommerce-1216-unauthenticated-full-path-dislcosure</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kona-instagram-feed-for-gutenberg/kona-gallery-block-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/papercite/papercite-0518-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pre-orders/woocommerce-pre-orders-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-front-end-editor/wp-quick-frontend-editor-55-authenticated-settings-change</loc>
<lastmod>2021-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-and-product-woocommerce-tabs/category-and-product-woocommerce-tabs-10-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-17T20:16:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-server-stats/wp-server-health-stats-1610-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/social-share-social-login-and-social-comments-plugin-super-socializer-71368-authentication-bypass-via-disqus-oauth-provider</loc>
<lastmod>2024-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/justified-gallery/justified-gallery-173-missing-authorization-via-dismiss_how_to_use_notice-and-dismiss_notice</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-authorization-bypass</loc>
<lastmod>2018-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-318-authenticated-subscriber-php-object-injection-via-phar-deserialization</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multishipping/wcmultishipping-mondial-relay-inpost-chronopost-for-woocommerce-302-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boombox-theme-extensions/boombox-theme-extensions-180-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-poll/liquidpoll-advanced-polls-for-creators-and-brands-3377-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3819-unauthenticated-stored-cross-site-scripting-via-form-calculations</loc>
<lastmod>2024-12-11T16:24:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtbabel/gtbabel-668-unauthenticated-cookie-stealing</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buooy-sticky-header/buooy-sticky-header-052-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-gutenberg-blocks-page-builder-for-gutenberg-editor-335-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-207-sql-injection</loc>
<lastmod>2007-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-2156-authenticated-local-file-inclusion-sql-injection</loc>
<lastmod>2016-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-324-missing-authorization-via-cnss_save_ajax_order</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-autoresponder-addon/bakery-autoresponder-addon-106-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neresa-wp/neresa-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner/advanced-database-cleaner-316-cross-site-request-forgery</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prestige/prestige-141-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-performance-pack/wp-performance-pack-254-cross-site-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookster/bookster-wordpress-appointment-booking-plugin-110-unauthenticated-appointment-manipulation</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-and-understood/read-and-understood-21-stored-cross-site-scripting</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aeroscroll-gallery/aeroscroll-gallery-infinite-scroll-image-gallery-post-grid-with-photo-gallery-1012-unauthenticated-directory-traversal</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-vouchers/woocommerce-pdf-vouchers-494-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-bacs-receipt-upload-for-woocommerce/peprodev-woocommerce-receipt-uploader-269-reflected-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-287-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2884-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-store/music-store-1041-cross-site-scripting</loc>
<lastmod>2016-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/esteem/esteem-150-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-199-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-222-cross-site-scripting-via-range-parameter</loc>
<lastmod>2014-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-it/hide-it-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T17:48:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-connector-pro/post-connector-103-and-post-conector-premium-163-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-1114-authenticated-student-insecure-direct-object-reference</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-500-720-privilege-escalation-via-rest-api</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-763-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13986-authenticated-subscriber-private-post-disclosure</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1393-authenticated-contributor-stored-cross-site-scriting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/biagiotti/biagiotti-352-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaypricing/yaypricing-353-missing-authorization</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugins-dashboard/download-plugins-and-themes-in-zip-from-dashboard-191-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/market-exporter/market-exporter-2019-missing-authorization-to-arbitrary-file-deletion</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depay-payments-for-woocommerce/web3-cryptocurrency-payments-by-depay-for-woocommerce-21217-missing-authorization-to-information-exposure</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.8/wordpress-682-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-avatar-reloaded/user-avatar-reloaded-121-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-401-missing-authorization-via-remove_feedbacktool_notice</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-add-ons/yith-woocommerce-product-add-ons-450-unuathenticated-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/bookly-215-unauthenticated-stored-cross-site-scripting-via-name</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-609-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beds24-online-booking/beds24-online-booking-2027-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-file-upload-for-elementor-forms/drag-and-drop-file-upload-for-elementor-forms-153-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmb2/cmb2-2101-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-google-code-inserter/smart-google-code-inserter-35-stored-cross-site-scripting</loc>
<lastmod>2018-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-pages/wordpress-landing-pages-123-sql-injection</loc>
<lastmod>2013-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrio-core/integrio-core-128-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-welcome-bar/welcome-bar-204-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogbyte/blogbyte-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-expiry-for-woocommerce/product-expiry-for-woocommerce-25-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-118-missing-authorization</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwolle-gb/gwolle-guestbook-471-reflected-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/axeptio-sdk-integration/axeptio-254-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-454-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickyelements/all-in-one-floating-contact-form-my-sticky-elements-213-missing-authorization</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-landing-page/landing-page-builder-free-landing-page-templates-3198-local-file-inclusion-via-lpp_template_select</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upcoming-events-lists/upcoming-events-lists-140-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-passkeys/secure-passkeys-121-missing-authorization-to-authenticated-subscriber-passkey-exposure-and-deletion</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-addons-and-templates-kit-for-elementor-171049-missing-authorization-to-unauthenticated-custom-post-type-contents-exposure</loc>
<lastmod>2026-03-16T15:17:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nazy-load/flying-images-optimize-and-lazy-load-images-for-faster-page-speed-2414-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-objects/gallery-objects-04-sql-injection</loc>
<lastmod>2014-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-voucher/gift-cards-gift-vouchers-and-packages-woocommerce-supported-418-sql-injection</loc>
<lastmod>2018-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/presto-player/the-ultimate-video-player-for-wordpress-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-11232-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-05-02T19:04:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photosmash-galleries/photosmash-plugin-105-cross-site-scripting</loc>
<lastmod>2011-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-unlock-lite/subscribe-to-unlock-lite-130-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-182-unauthenticated-content-injection</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pool-services/pool-services-33-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-dev-tools/premmerce-dev-tools-20-missing-authorization-to-authenticated-subscriber-remote-code-execution-via-plugin-creation</loc>
<lastmod>2026-06-15T16:26:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-buttons-by-supsystic/social-share-buttons-by-supsystic-223-cross-site-request-forgery</loc>
<lastmod>2022-05-27T13:59:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-2913-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatebud-properties-listings/estatebud-properties-listings-550-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-24T19:32:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inet-webkit/inet-webkit-122-missing-authorization</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-157-authenticated-administrator-stored-cross-site-scripting-via-ce_venue_name-parameter</loc>
<lastmod>2026-02-17T20:16:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-on-site-seo-79-authenticatedcontributor-stored-cross-site-scripting-via-social-image-url</loc>
<lastmod>2024-06-19T13:31:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-add-to-cart-text-change/add-to-cart-text-changer-and-customize-button-add-custom-icon-20-cross-site-request-forgery-via-wactc_text_form</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-10147-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-powerplaygallery/powerplay-gallery-33-sql-injection</loc>
<lastmod>2015-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/monkee-boy-wp-essentials/monkee-boy-essentials-11-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-25T20:36:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-webrtc-hls-rtsp-rtmp-6110-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-funnel-manager/wp-funnel-manager-140-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-133-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boombox-theme-extensions/boombox-theme-extensions-180-authenticated-subscriber-privilege-escalation-via-password-resetaccount-takeover-in-boombox_ajax_reset_password</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-4913-missing-authorization</loc>
<lastmod>2024-05-29T14:49:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-website-and-ecommerce-builder-for-wordpress-11130-authenticated-contributor-stored-cross-site-scripting-via-url-attribute</loc>
<lastmod>2024-06-24T21:29:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fotobook/fotobook-323-reflected-cross-site-scripting</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/decalog/decalog-390-authenticated-admin-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yame-linkinbio/yame-link-in-bio-090-unauthenticated-information-exposure</loc>
<lastmod>2025-05-01T13:10:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joli-faq-seo/joli-faq-seo-wordpress-faq-plugin-132-cross-site-request-forgery</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miraculouscore/miraculous-core-209-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maximum-products-per-user-for-woocommerce/maximum-products-per-user-for-woocommerce-443-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-post-type-slug/remove-post-type-slug-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-02-18T15:59:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-buddy-online-appointment-booking-by-accrete/appointment-buddy-widget-12-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-723-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addthis/wordpress-share-buttons-plugin-addthis-220-code-injection</loc>
<lastmod>2011-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-user-registration-plugin-with-custom-registration-forms-6026-unauthenticated-privilege-escalation-via-password-recovery</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-wp/hide-my-wp-ghost-security-firewall-5301-reflected-cross-site-scripting-via-url</loc>
<lastmod>2024-11-14T18:16:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-widget/rss-feed-widget-297-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-chat/wise-chat-263-reverse-tabnabbing</loc>
<lastmod>2019-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-21210-cross-site-request-forgery-to-membership-modification</loc>
<lastmod>2024-06-18T18:44:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearbit/clearbit-reveal-106-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-piwik/wp-matomo-integration-wp-piwik-105-cross-site-scripting</loc>
<lastmod>2015-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-free-elementor-addons-plugin-and-elementor-templates-164-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-dashboard-twitter/wordpress-dashboard-tweeter-132-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mpdf/wp-mpdf-351-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-order-category/custom-categorypost-type-post-order-160-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwolle-gb/gwolle-guestbook-253-cross-site-scripting</loc>
<lastmod>2018-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox/starbox-the-author-box-for-humans-347-insecure-direct-object-reference</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-260-multiple-cross-site-scripting</loc>
<lastmod>2020-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-207-authenticated-contributor-dom-based-stored-cross-site-scripting-via-countdown</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-252-unauthenticated-payment-amount-validation-bypass-via-form_id</loc>
<lastmod>2026-03-27T12:56:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-woocommerce-brands/perfect-brands-for-woocommerce-204-unauthorized-brand-creation</loc>
<lastmod>2022-01-28T09:32:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porto-functionality/porto-theme-functionality-373-missing-authorization</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-nofollow-commenter-link/remove-nofollow-commenter-url-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-01T19:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wens-responsive-column-layout-shortcodes/evision-responsive-column-layout-shortcodes-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capability-manager-enhanced/publishpress-capabilities-158-authenticated-sql-injection</loc>
<lastmod>2018-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadcapture/wp-lead-capturing-pages-26-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-lite-plugin-2011-sql-injection</loc>
<lastmod>2019-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-184-authenticatedcontributor-stored-cross-site-scripting-via-custom-attributes</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/serial-codes-generator-and-validator/serial-codes-generator-and-validator-with-woocommerce-support-2414-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-and-backup-786-unauthenticated-information-disclosure-via-error-logs</loc>
<lastmod>2024-10-21T16:33:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-237-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2016-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedding-barcodes-into-product-pages-and-orders/barcode-generator-for-woocommerce-204-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-inventory-manager/plaininventory-316-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/8-degree-notification-bar/notification-bar-for-wordpress-118-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-241-authenticatedshop-manager-arbitrary-file-upload</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-font-awesome/advanced-custom-fields-font-awesome-501-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook-lite/3d-flipbook-pdf-viewer-pdf-embedder-real-3d-flipbook-wordpress-plugin-362-reflected-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-post-generator-echo/echo-rss-feed-post-generator-5481-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-281-local-file-inclusion</loc>
<lastmod>2019-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-core/designthemes-core-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marker-io/markerio-116-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-2314-reflected-cross-site-scripting</loc>
<lastmod>2018-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Blooog-v1.1/bloog-11-cross-site-scripting</loc>
<lastmod>2013-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/direct-payments-wp/direct-payments-wp-130-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-vp2-html5-bottom/html5-video-player-535-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/freesia-empire/freesia-empire-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3848-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highlight-and-share/highlight-and-share-social-text-and-image-sharing-511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/point-maker/point-maker-016-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-04T21:06:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-zoho/integration-for-contact-form-7-and-zoho-crm-bigin-117-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php-code-snippet/insert-php-code-snippet-134-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cache-images/cache-images-32-cross-site-request-forgery-to-image-upload</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-rocket/social-rocket-social-sharing-plugin-1210-cross-site-request-forgery</loc>
<lastmod>2020-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-with-ticket-scanner/event-tickets-with-ticket-scanner-237-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homeroofer/homeroofer-2110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-328-reflected-cross-site-scripting</loc>
<lastmod>2019-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-headers-and-footers/wpcode-206-missing-authorization-to-sensitive-key-disclosureupdate</loc>
<lastmod>2023-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/post-grid-gutenberg-blocks-for-news-magazines-blog-websites-postx-505-missing-authorization-to-limited-post-meta-modification</loc>
<lastmod>2026-04-15T18:53:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-431-missing-authorization-to-unauthenticated-orders-statistics-exposure</loc>
<lastmod>2025-12-15T16:22:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-cleaner/easy-wp-cleaner-19-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-297-reflected-cross-site-scripting</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection</loc>
<lastmod>2024-09-27T13:58:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/revolution/revolution-258-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpview/wpview-130-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-436-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-346-cross-site-scripting</loc>
<lastmod>2018-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-map-no-api/simple-map-no-api-19-authenticated-contributor-stored-cross-site-scripting-via-width-parameter</loc>
<lastmod>2025-02-17T15:46:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebay-feeds-for-wordpress/wp-ebay-product-feeds-331-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-estate-pro/opal-estate-pro-property-management-and-submission-176-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-21T19:15:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-562-booster-plus-600-and-booster-elite-600-for-woocommerce-reflected-cross-site-scripting</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-switcha/theme-switcha-34-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unyson/unyson-2718-sensitive-information-exposure</loc>
<lastmod>2018-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/gourl-bitcoin-payment-gateway-paid-downloads-membership-1413-arbitrary-file-upload</loc>
<lastmod>2018-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metasync/search-atlas-seo-254-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-384-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-498-unauthenticated-stored-cross-site-scripting-via-x-forwarded-for-header</loc>
<lastmod>2026-02-12T01:05:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-source-control-isc/image-source-control-lite-show-image-credits-and-captions-2280-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/total/total-theme-2119-authenticatedsubscriber-plugin-activation</loc>
<lastmod>2023-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ppv-live-webcams/paid-videochat-turnkey-site-html5-ppv-live-webcams-7323-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2723-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-restaurant-menu/restaurant-menu-by-motopress-246-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biagiotti-core/biagiotti-core-213-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/saaslauncher/saaslauncher-130-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sogrid/sogrid-156-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gyan-elements/gyan-elements-221-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stklcode-liveticker/liveticker-by-stklcode-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imager-elementor/imager-for-elementor-204-missing-authorization</loc>
<lastmod>2025-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-change-monitor/seo-change-monitor-12-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/laurent/laurent-elegant-restaurant-wordpress-theme-31-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-375-reflected-cross-site-scripting-via-wpcr3_fname-parameter</loc>
<lastmod>2026-02-18T16:21:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-10296-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/itactics/itactics-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-science-designer/print-science-designer-13155-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialsnap/social-media-plugin-by-social-snap-136-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-448-unauthenticated-stored-cross-site-scripting-in-admin-dashboard</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-feeds/ai-feeds-1011-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-11-25T09:45:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editionguard-for-woocommerce-ebook-sales-with-drm/editionguard-for-woocommerce-ebook-sales-with-drm-342-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-import-export-product-csv-suite-256-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-17-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-restriction/premium-age-verification-restriction-for-wordpress-302-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-extended/advanced-custom-fields-extended-0905-0911-unauthenticated-remote-code-execution-in-prepare_form</loc>
<lastmod>2025-12-02T18:43:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloprint/helloprint-146-reflected-cross-site-scripting</loc>
<lastmod>2022-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-builder-ays/faq-builder-ays-171-reflected-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-386-missing-authorization</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-linkcard/pz-linkcard-256-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-reflected-cross-site-scripting-via-shortcode-previews</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-6122-missing-authorization</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-510-missing-authorization-to-information-disclosure</loc>
<lastmod>2021-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-10101-unauthenticated-arbitrary-record-creation</loc>
<lastmod>2026-06-19T06:01:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-buddypress-integration-xprofile-checkout-manager/buddypress-xprofile-checkout-manager-for-woocommerce-135-stored-cross-site-scripting</loc>
<lastmod>2022-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-442-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pocket-widget/pocket-widget-013-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-custom-registration-form-login-form-and-user-profile-413-insecure-direct-object-reference-to-unauthenticated-membership-modification</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-projects/cost-calculator-18-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/os-diagnosis-generator/-1416-authenticated-subscriber-stored-cross-site-scripting-via-js-parameter</loc>
<lastmod>2026-05-19T12:02:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-manager/media-file-manager-142-directory-traversal-to-arbitrary-file-relocation</loc>
<lastmod>2018-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailerpress/mailerpress-204-authenticated-author-stored-cross-site-scripting-via-campaign-html-content-field</loc>
<lastmod>2026-06-08T19:47:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-targetly-geo-content/geo-content-60-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:26:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revinsite/revinsite-110-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-05T17:46:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-avatars/author-avatars-listblock-2125-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-video/responsive-video-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T17:23:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-js-files/css-js-files-150-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelbeds-channel-manager-booking-engine/pixelbeds-channel-manager-and-hotel-booking-engine-10-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-247-authenticated-admin-sql-injection</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-optin-box/wordpress-newsletter-plugin-noptin-165-open-redirect</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/felan-framework/felan-framework-113-unauthenticated-sql-injection</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integromat-connector/make-connector-1510-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-09-03T21:08:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloud-search/cloudsearch-300-cross-site-request-forgery</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gold-price-chart-widget/live-gold-price-silver-price-charts-widgets-24-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5360-missing-authorization</loc>
<lastmod>2023-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/friechat/friechat-wordpress-chat-plugin-103-sql-injection</loc>
<lastmod>2015-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-351-server-side-request-forgery</loc>
<lastmod>2013-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/card-elements-for-elementor/card-elements-for-elementor-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo-premium/yoast-seo-premium-204-missing-authorization-to-zapier-key-reset</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-address-encoder/email-encoder-0312-premium-1025-free-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-backup/database-backup-and-check-tables-automated-with-scheduler-2024-235-authenticated-administrator-sensitive-information-exposure</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webd-woocommerce-advanced-reporting-statistics/advanced-woocommerce-product-sales-reporting-411-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/art-theme/art-theme-31223-missing-authorization-to-authenticated-subscriber-theme-option-delete</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/picturesurf-gallery/picturesurf-gallery-12-arbitrary-file-upload</loc>
<lastmod>2012-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coordinadora/envos-coordinadora-woocommerce-1131-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-404-cross-site-request-forgery</loc>
<lastmod>2025-10-30T20:18:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-106-unauthenticated-php-object-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-product-labels-for-woocommerce/product-labels-for-woocommerce-sale-badges-158-authenticated-admin-sql-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-easy-us-sales-taxes/easy-us-sales-taxes-add-on-for-ithemes-exchange-110-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-23-related-posts-plugin/wordpress-related-posts-364-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-ip-and-location/user-ip-and-location-22-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75377212-insufficient-input-validation-to-unauthenticated-stored-cross-site-scripting-and-arbitrary-usermeta-update</loc>
<lastmod>2023-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-701-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/apicona/apicona-2410-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commentator/commentator-253-reflected-cross-site-scripting</loc>
<lastmod>2016-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oceanpayment-creditcard-gateway/oceanpayment-creditcard-gateway-60-missing-authentication-to-unauthenticated-order-status-update</loc>
<lastmod>2025-10-14T19:36:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedocs/wedocs-2116-missing-authorization-to-authenticated-subscriber-documentation-post-update</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-export-categories-taxonomies/export-categories-taxonomies-103-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-disclosure-statement/affiliate-disclosure-statement-03-cross-site-request-forgery</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-213-authenticated-administrator-stored-cross-site-scripting-via-breeze_api_token</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-137-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-212-missing-authorization</loc>
<lastmod>2022-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-woocommerce-wordpress-648-unauthenticated-server-side-request-forgery-via-race-condition</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ooohboi-steroids-for-elementor/ooohboi-steroids-for-elementor-214-missing-authorization-leading-to-authenticated-subscriber-image-upload</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-130-unauthenticated-remote-code-execution</loc>
<lastmod>2023-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-approved-notifier-extended/comment-approved-notifier-extended-52-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/evently/evently-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/advanced-form-integration-1750-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-google-tag-manager/really-simple-google-tag-manager-106-cross-site-request-forgery-via-plugin_activation</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listdom/listdom-501-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertforce-popup-builder/convertforce-popup-builder-007-stored-cross-site-scripting-via-entrance_animation</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/scylla-lite/scylla-lite-183-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-06-27T20:12:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-stripe-free/stripe-payment-forms-by-wp-full-pay-843-missing-authorization-to-unauthenticated-payment-record-manipulation-via-paymentintentid-parameter</loc>
<lastmod>2026-06-26T18:04:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prettyphoto/wordpress-prettyphoto-123-authenticated-contributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2024-06-05T15:42:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-600-cross-site-scripting</loc>
<lastmod>2015-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inactive-logout/inactive-logout-322-missing-authorization</loc>
<lastmod>2023-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-55-unauthenticated-information-disclosure</loc>
<lastmod>2020-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-3210-sql-injection</loc>
<lastmod>2019-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saphali-woocommerce-lite/saphali-woocommerce-lite-1813-cross-site-request-forgery-via-woocommerce_saphali_page_s_l</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-core/salient-core-308-missing-authorization</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dw-question-answer-pro/dw-question-answer-pro-136-missing-authorization-checks</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymc-smart-filter/filter-grids-292-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/next-page/next-page-152-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subscription-forms/wp-subscription-forms-123-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-603-authenticated-contributor-stored-cross-site-scripting-via-fancy-text-widget</loc>
<lastmod>2024-09-10T17:52:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-pay-buy-donation-and-cart-buttons-shortcode/paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-17-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-22T12:58:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-320-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/striking-r/striking-234-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-cf7/extensions-for-cf7-320-authenticated-admin-sever-side-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-seo-pack/premium-seo-pack-332-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templates-patterns-collection/cloud-templates-patterns-collection-122-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-top/wp-auto-top-293-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-287-privilege-escalation</loc>
<lastmod>2016-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-slick-slider/responsive-slick-slider-wordpress-15-authenticated-contributor-content-injection</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-widget/content-blocks-custom-post-widget-330-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/wc-marketplace-4117-reflected-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers-premium/icegram-express-pro-595-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-for-woocommerce/xplainer-woocommerce-product-faq-woocommerce-accordion-faq-plugin-170-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-08T19:41:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pvn-auth-popup/pvn-auth-popup-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediavine-control-panel/mediavine-control-panel-2106-unauthenticated-information-exposure</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onelogin-saml-sso/onelogin-saml-sso-plugin-216-authentication-bypass</loc>
<lastmod>2016-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-the-leading-edge-help-desk-customer-support-plugin-105-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-3212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-instagram-feed/10web-social-photo-feed-1428-reflected-cross-site-scripting</loc>
<lastmod>2021-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photocrati-theme/photocrati-480-cross-site-scripting</loc>
<lastmod>2014-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-picasa-albums-viewer/google-photos-gallery-with-shortcodes-402-reflected-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/felan-framework/felan-framework-114-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-activationdeactivation-via-process_plugin_actions</loc>
<lastmod>2025-10-15T18:07:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-wp-page-to-static-html/export-wp-page-to-static-htmlcss-410-missing-authorization</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-missing-authorization</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-1240-cross-site-request-forgery-via-update_project</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realty-workstation/realty-workstation-109-authenticated-sql-injection</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-yellow-bgbox/remove-yellow-bgbox-10-cross-site-request-forgery</loc>
<lastmod>2026-05-19T12:07:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-ninja/shortcode-ninja-14-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-3912-authenticated-contributor-stored-cross-site-scripting-via-embedpress_doc_custom_color</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-262-cross-site-request-forgery</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cision-block/cision-block-430-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-05-05T20:29:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-289-reflected-cross-site-scripting-via-x-forwarded-for</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-wp-page-permalinks/wp-page-permalink-extension-154-missing-authorization-to-authenticated-subscriber-arbitrary-rewrite-rules-flush</loc>
<lastmod>2026-01-08T21:56:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viabill-woocommerce/viabill-woocommerce-1170-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fresh-framework/fresh-framework-1700-unauthenticated-remote-code-execution</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-5723-unauthenticated-sql-injection-via-optin</loc>
<lastmod>2024-06-20T16:01:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundslides/soundslides-250-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-cross-site-scripting-via-media-playlists</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/woocommerce-products-vendor-2165-unauthenticated-sql-injection</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-timeline-lite/bold-timeline-lite-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-framework/the-gdpr-framework-by-data443-210-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop/cryptocurrency-token-launchpad-presale-ico-ido-airdrop-by-tokenico-247-missing-authentication-to-unauthenticated-presale-update</loc>
<lastmod>2025-11-20T19:19:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-social-media-share-buttons/woocommerce-social-media-share-buttons-130-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phone-orders-for-woocommerce/phone-orders-for-woocommerce-371-missing-authorization</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements-elementor/thegem-theme-elements-for-elementor-51051-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiparcels-shipping-for-woocommerce/multiparcels-shipping-for-woocommerce-1155-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hot-random-image/hot-random-image-192-authenticated-contributor-stored-cross-site-scripting-via-link-parameter</loc>
<lastmod>2025-05-21T20:43:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-tiktok-feed/tiktok-feed-1021-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-gateway-iris/checkout-gateway-for-iris-13-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirection/redirection-229-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-8534-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notifications-for-wp/push-notifications-for-wordpress-lite-601-cross-site-request-forgery</loc>
<lastmod>2021-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-registration-spam/stop-registration-spam-124-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1535-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clicksold-wordpress-plugin/wordpress-clicksold-idx-plugin-190-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-form/wp-contact-form-16-cross-site-request-forgery-via-wpcf_adminpage</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-text-widget/advanced-text-widget-201-cross-site-scripting</loc>
<lastmod>2012-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-065-authenticated-contributor-sql-injection</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-489-unauthenticated-time-based-sql-injection-via-bsa_pro_id</loc>
<lastmod>2025-07-01T14:54:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pure-chat/pure-chat-live-chat-plugin-more-222-cross-site-request-forgery</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-2620-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anything-order-by-terms/anything-order-by-terms-140-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taxonomy-terms-order/category-order-and-taxonomy-terms-order-1460-cross-site-scripting</loc>
<lastmod>2015-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-306-unauthetnicated-path-traversal-to-arbitrary-image-view</loc>
<lastmod>2024-11-26T16:32:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aperitif/aperitif-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2821-authenticatededitor-arbitrary-file-upload</loc>
<lastmod>2023-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amberlink/amber-144-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noisa/noisa-260-unauthenticated-php-object-injection</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progress-planner/progress-planner-092-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jamstack-deployments/jamstack-deployments-111-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toolpage/toolpage-161-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/configure-conference-room/wp-virtual-room-configurator-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-396-cross-site-request-forgery-to-order-status-update</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freemind-wp-browser/freemind-wp-browser-12-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-310-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-477-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipes-writer/recipes-writer-104-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-post-images/extra-post-images-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-05T17:43:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-18-xml-external-entity-injection</loc>
<lastmod>2017-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-import-export-for-woocommerce/order-export-order-import-for-woocommerce-260-authenticated-admin-php-object-injection-via-form_data-parameter</loc>
<lastmod>2025-03-19T22:28:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/fastbook-responsive-appointment-booking-and-scheduling-system-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swipe-hq-checkout-for-jigoshop/jigoshop-swipe-plugin-310-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshmail-newsletter/freshmail-158-multiple-sql-injections</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-to-welcome-or-landing-page/redirect-wordpress-to-welcome-or-landing-page-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1693-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-xpro-addons-for-elementor-free-1443-authenticated-contributor-stored-cross-site-scripting-via-post-grid-widget</loc>
<lastmod>2024-08-26T22:18:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4283-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-265-authenticated-contributor-stored-cross-site-scripting-via-jkit-tabs-and-jkit-accordion-widgets</loc>
<lastmod>2024-06-14T12:29:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-304-unauthenticated-sql-injection</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpex-replace/wpex-replace-db-urls-040-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-spod/spreadconnect-215-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemagick-sharpen-resized-images/imagemagick-sharpen-resized-images-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41060-authenticated-contributor-dom-based-stored-cross-site-scripting-via-video-box-widget</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hello-event-widgets-for-elementor/hello-event-widgets-for-elementor-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-blank/super-blank-120-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-4612-stored-cross-site-scripting</loc>
<lastmod>2015-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rootspersona/rootspersona-375-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagepost-content-shortcode/pagepost-content-shortcode-10-missing-authorization</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2289-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-category-posts-list/wp-category-post-list-widget-203-cross-site-request-forgery-via-gen_set_page</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-owl-carousel/simple-owl-carousel-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/irm-newsroom/irm-newsroom-1219-authenticated-contributor-stored-cross-site-scripting-via-irmcalendarview-shortcode</loc>
<lastmod>2025-06-12T13:12:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-quotation/simple-quotation-132-cross-site-request-forgery</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3528-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-ups-edition/small-package-quotes-ups-edition-4516-unauthenticated-sql-injection</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invoicing/wordpress-payments-plugin-getpaid-233-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-cost-calculator/stylish-cost-calculator-815-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-power-bi-reports/powerbi-embed-reports-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:09:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-bbpress-attachments/gd-bbpress-attachments-25-stored-cross-site-scripting</loc>
<lastmod>2018-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-user-profile-user-registration-forms-plugin-1160-authentication-bypass</loc>
<lastmod>2014-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-ebay-listings/fast-ebay-listings-21215-open-redirect</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-442-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-03T16:39:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-lightbox/form-lightbox-21-unauthenticated-arbitrary-options-update</loc>
<lastmod>2016-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-and-tickets-selling-plugin-for-woocommerce-353-arbitrary-settings-change</loc>
<lastmod>2021-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-162611-authenticated-admin-sql-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dont-break-the-code/dont-break-the-code-31-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-missing-authorization-in-categorifyajaxdeletecategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobscout/jobscout-114-cross-site-request-forgery-to-notice-dimissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evergreen-post-tweeter/evergreen-post-tweeter-189-cross-site-request-forgery</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-shortcodes/themify-shortcodes-209-authenticated-contributor-stored-cross-site-scripting-via-themify_button-shortcode</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magty/magty-106-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cron-logger/cron-logger-130-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-270-missing-authorization-to-sql-injection</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-100-unauthenticated-information-exposure</loc>
<lastmod>2025-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-442-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-basic-125-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-comments-reloaded/subscribe-to-comments-reloaded-220725-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-day-booking-calendar/multi-day-booking-calendar-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-events/ultimate-events-133-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/biolife/biolife-323-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-related-attachments-widget/list-related-attachments-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/handmade-framework/handmade-framework-39-reflected-cross-site-scripting</loc>
<lastmod>2026-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator-widget/store-locator-widget-2025r1-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:26:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-services-booking/fat-services-booking-56-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aoa-downloadable/downloable-by-american-osteopathic-association-010-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-test-email/test-email-117-reflected-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-162610-authenticated-contributor-protected-post-disclosure</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-instagram-lite/gallery-for-social-photo-10027-cross-site-request-forgery-to-post-duplication</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-manager-career/job-manager-career-143-sensitive-information-exposure</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/wordpress-user-extra-fields-167-authenticated-subscriber-arbitrary-file-deletion-via-save_fields-function</loc>
<lastmod>2025-10-30T18:34:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content_timeline/content-timeline-442-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-elementor-addons/wpzoom-addons-for-elementor-starter-templates-widgets-134-reflected-cross-site-scripting</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-453-authorization-bypass-to-remove-category-attribute</loc>
<lastmod>2016-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-org-chart/simple-org-chart-234-missing-authorization</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bnfw/better-notifications-for-wp-186-email-address-disclosure</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-categories-post-footer/add-categories-post-footer-222-reflected-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devs-crm/devs-crm-manage-tasks-attendance-and-teams-all-together-118-unauthenticated-information-expsoure</loc>
<lastmod>2025-12-12T16:08:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ootb-openstreetmap/out-of-the-block-openstreetmap-283-authenticated-contributor-stored-cross-site-scripting-via-ootb_query-shortcode</loc>
<lastmod>2024-12-12T22:57:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nudgify/nudgify-social-proof-sales-popup-fomo-133-cross-site-request-forgery-via-sync_orders_manually</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/most-and-least-read-posts-widget/most-and-least-read-posts-widget-2520-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-3223-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-4010-authenticatedsubscriber-privilege-escalation</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder-pro/cost-calculator-builder-pro-3172-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-05-16T19:35:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/github-shortcode/github-shortcode-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-26T18:56:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-members/team-members-520-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-407-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpupper-share-buttons/wpupper-share-buttons-343-missing-authorization</loc>
<lastmod>2024-06-03T16:40:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-db/contact-form-to-db-by-bestwebsoft-messages-database-plugin-for-wordpress-172-authenticated-author-sql-injection</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11519-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mightyforms/contact-form-survey-form-builder-mightyforms-139-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-03T14:13:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-customizer-for-woocommerce/email-customizer-for-woocommerce-drag-and-drop-email-templates-builder-267-authenticated-administrator-stored-cross-site-scripting-via-email-template-content</loc>
<lastmod>2026-01-06T20:40:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-2071-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-03-03T19:57:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-to-database-extension/contact-form-7-to-database-extension-21032-csv-injection</loc>
<lastmod>2018-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-294-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-widget-ninja/profile-widget-ninja-43-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-click-track/wp-click-tracker-073-reflected-cross-site-scripting</loc>
<lastmod>2025-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazytasks-project-task-management/lazytasks-project-task-management-with-collaboration-kanban-and-gantt-chart-1229-missing-authorization-to-uanuthenticated-privilege-escalation</loc>
<lastmod>2025-12-11T15:07:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6687-unauthenticated-sql-injection</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powies-uptime-robot/powies-uptime-robot-097-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-207-unauthenticated-sql-injection</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/power-zoomer/power-zoomer-12-arbitrary-file-upload</loc>
<lastmod>2013-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1456-captcha-bypass</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unite-gallery-lite/unite-gallery-lite-15-cross-site-request-forgery-and-sql-injection</loc>
<lastmod>2015-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphina-elementor-charts-and-graphs/graphina-1810-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-288-missing-authorization-to-wordpress-option-modification</loc>
<lastmod>2024-05-20T19:43:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-0125-missing-authorization</loc>
<lastmod>2026-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-and-remote-arrows-51028-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-424-sql-injection</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/esign-genie-for-wp/foxit-esign-for-wordpress-203-authenticated-admin-information-exposure</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybb-cross-poster/mybb-cross-poster-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-accessibility/accessibility-suite-by-online-ada-2011-sql-injection</loc>
<lastmod>2019-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/domain-check/domain-check-1016-reflected-cross-site-scripting-via-domain</loc>
<lastmod>2021-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-311-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-responder/paypal-responder-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pw-woocommerce-on-sale/pw-woocommerce-on-sale-139-missing-authorization</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-bookshelves/library-bookshelves-510-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:44:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/salem/salem-theme-155-dom-based-cross-site-scripting</loc>
<lastmod>2015-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-5910-missing-authentication-to-unauthenticated-action-scheduler-task-execution</loc>
<lastmod>2025-12-11T21:13:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-slider/visualslider-sldier-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-gig-calendar/mf-gig-calendar-121-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooenvato/woocommerce-envato-affiliates-121-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-4411-reflected-cross-site-scripting</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-time-clock-lite/all-in-one-time-clock-lite-tracking-employee-time-has-never-been-easier-20-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-clocking-inout</loc>
<lastmod>2025-10-21T21:09:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-hopper/link-hopper-25-authenticated-administrator-stored-cross-site-scripting-via-hop_name-parameter</loc>
<lastmod>2026-02-13T18:33:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bravis-user/bravis-user-101-authentication-bypass-to-account-takeover</loc>
<lastmod>2025-08-22T18:31:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-208-authenticated-contributor-information-exposure</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bne-testimonials/bne-testimonials-207-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mxchat-basic/mxchat-ai-chatbot-for-wordpress-246-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-dash/client-dash-220-authenticated-admin-cross-site-scripting</loc>
<lastmod>2019-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uptime-robot-monitor/uptime-robot-plugin-for-wordpress-23-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-code-manager/fluentsnippets-1050-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-paginate/wp-paginate-218-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sydney-toolbox/sydney-toolbox-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveforms/live-forms-484-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eu-vat-for-woocommerce/euuk-vat-manager-for-woocommerce-21212-missing-authorization</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5381-missing-authorization-via-manual-review-reminders</loc>
<lastmod>2023-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/per-page-add-to/per-page-add-to-head-144-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmace/gmace-152-cross-site-request-forgery-via-gmace_manager_client</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-418-authenticated-author-stored-cross-site-scripting-via-location_dir-parameter</loc>
<lastmod>2026-06-08T14:13:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-filter-posts/post-grid-master-3412-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-by-adtribes-woocommerce-product-feeds-for-google-facebookmeta-bing-more-1331-sensitive-information-exposure-via-log-files</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1082-unauthenticated-sql-injection</loc>
<lastmod>2018-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-to-chat/form-to-chat-app-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-google-analytics-dashboard-for-wordpress-422-cross-site-request-forgery</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-any-post-type/wp-clone-any-post-type-36-open-redirect</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quicksand-jquery-post-filter/quicksand-post-filter-jquery-plugin-311-missing-authorization-via-quicksand_admin_ajax</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4012-authenticated-contributor-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-language-switch/user-language-switch-1610-authenticated-administrator-stored-cross-site-scripting-via-tab_color_picker_language_switch-parameter</loc>
<lastmod>2026-02-13T18:31:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/footnotes-made-easy/footnotes-made-easy-307-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T16:03:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-from-files/download-from-files-148-arbitrary-file-upload</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailerpress/mailerpress-142-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-woocommerce-dynamic-pricing-and-discounts/elex-woocommerce-dynamic-pricing-and-discounts-212-reflected-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-user-listing/simple-user-listing-192-reflected-cross-site-scripting-via-as</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm-system/wp-crm-system-329-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-42387-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-comment-images/embed-images-in-comments-06-cross-site-scripting</loc>
<lastmod>2017-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asmember/asmember-154-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wr-nitro/nitro-by-woorockets-179-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2021-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-chat/wise-chat-283-csv-injection</loc>
<lastmod>2020-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-options-editor/advanced-options-editor-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lt-unleashed/lt-unleashed-111-authenticated-contributor-local-file-inclusion-via-template-parameter</loc>
<lastmod>2025-12-11T14:19:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-560-cross-site-request-forgery-via-invoices__change_status-action</loc>
<lastmod>2026-06-05T11:05:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-dashboard/material-dashboard-146-unauthenticated-privilege-escalation</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybrain-utilities/mybrain-utilities-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T17:56:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3107-authenticated-contributor-stored-cross-site-scripting-via-image-stack-group-widget</loc>
<lastmod>2024-05-15T19:30:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-gravity-forms/gsheetconnector-for-gravity-forms-1327-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2025-10-10T20:59:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-testimonial/gs-testimonial-slider-329-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1022-reflected-cross-site-scripting</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-390-authentication-bypass</loc>
<lastmod>2023-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-pixel-marquee-creator/animated-pixel-marquee-creator-100-cross-site-request-forgery-via-marquee-parameter</loc>
<lastmod>2025-12-11T14:25:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reftagger-shortcode/reftagger-shortcode-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium-pro/wp-symposium-pro-1601-cross-site-request-forgery</loc>
<lastmod>2016-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghostkit/ghost-kit-341-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-138-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/charety/charety-202-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-5910-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sa-post-author-filter/kikx-simple-post-author-filter-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collectchat/chatbot-for-wordpress-by-collectchat-249-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yourjourney/your-journey-198-prototype-pollution-to-reflected-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10227-authenticated-administrator-sql-injection-via-post_id</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobwp/wordpress-job-board-and-recruitment-plugin-jobwp-21-sensitive-information-exposure</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-calendar/pie-calendar-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-wd/backup-by-10web-1020-reflected-cross-site-scripting</loc>
<lastmod>2021-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/co-marquage-service-public/co-marquage-service-publicfr-0571-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-export-import-wordpress-extension-for-learnpress-404-reflected-cross-site-scripting</loc>
<lastmod>2024-11-14T15:47:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/partymaker/partymaker-1115-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templately/templately-225-improper-authorization-to-arbitrary-post-deletion</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-page-builder-features-3245-authenticated-contributor-stored-dom-based-cross-site-scripting-via-html-data-attributes</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3360-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disqus-comment-system/disqus-comment-system-276-remote-code-execution</loc>
<lastmod>2014-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-map-route-planner/wp-map-route-planner-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension-501-cross-site-request-forgery</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-health/wp-umbrella-update-backup-restore-monitoring-2170-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-12-07T16:24:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/catch-base/catch-base-346-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-tour-booking-plugin-tour-operator-software-667-authenticated-subscriber-arbitrary-file-deletion-via-file-renaming</loc>
<lastmod>2025-10-08T16:24:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-plugin-1950-nonce-leak-to-authorization-bypass</loc>
<lastmod>2015-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-233-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-808-cross-site-request-forgery-to-arbitrary-media-deletion</loc>
<lastmod>2023-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-20503-unauthenticated-information-disclosure</loc>
<lastmod>2017-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-for-contact-form-7-and-pipedrive/integration-for-pipedrive-and-contact-form-7-wpforms-elementor-ninja-forms-120-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/justrows-free/justrows-free-02-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-223-cross-site-scripting</loc>
<lastmod>2021-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mihdan-index-now/index-now-263-cross-site-request-forgery-via-reset_form</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profitori/profitori-2060-2113-missing-authorization-to-unauthenticated-privilege-escalation-via-stocktend_object-endpoint</loc>
<lastmod>2025-05-30T18:08:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/logistics-hub/logisticshub-116-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-fitness/vw-fitness-434-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-announcement/wp-announcement-208-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-tabs/tabs-371-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1148-reflected-cross-site-scripting</loc>
<lastmod>2016-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realpress/realpress-109-missing-authorization-to-unauthenticated-page-creation-and-email-sending</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post-series/simple-post-series-244-reflected-cross-site-scripting</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1096-authorization-bypass</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-upload/front-end-upload-054-arbitrary-file-upload</loc>
<lastmod>2012-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blur-text/blur-text-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-422-unauthenticated-file-download-w-information-disclosure</loc>
<lastmod>2019-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/foodie/foodie-114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/block-bad-bots-and-stop-bad-bots-crawlers-and-spiders-and-anti-spam-protection-1023-missing-authorization-to-information-expsoure</loc>
<lastmod>2024-05-29T19:55:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpide/wpide-26-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ean-for-woocommerce/ean-for-woocommerce-442-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acobot/acobot-live-chat-contact-form-20-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2015-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.4/wordpress-core-341-cross-site-request-forgery</loc>
<lastmod>2012-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revisionary/publishpress-revisions-duplicate-posts-submit-approve-and-schedule-content-changes-3515-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ag-custom-admin/agca-custom-dashboard-login-page-721-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7-1392-unauthenticated-limited-arbitrary-file-upload</loc>
<lastmod>2026-01-06T18:04:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sola-support-tickets/sola-support-tickets-313-cross-site-scripting</loc>
<lastmod>2016-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yayextra/yayextra-152-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codecolorer/codecolorer-0100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-note/admin-notes-11-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-324-unauthenticated-php-object-injection-via-phar-deserialization</loc>
<lastmod>2025-08-19T12:30:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailup/mailup-newsletter-sign-up-form-133-cross-site-scripting</loc>
<lastmod>2013-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/members-list/members-list-plugin-436-reflected-cross-site-scripting</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-useronline/wp-useronline-270-cross-site-scripting</loc>
<lastmod>2010-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/car-repair-service/car-repair-services-auto-mechanic-40-reflected-cross-site-scripting</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openbook-book-data/openbook-book-data-352-cross-site-request-forgery</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visit-site-link-enhanced/visit-site-link-enhanced-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/query-wrangler/query-wrangler-1551-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protected-posts-logout-button/protected-posts-logout-button-144-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bread-butter/lead-capture-gated-content-newsletter-opt-ins-74857-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canvasio3d-light/canvasio3d-light-250-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gpx-maps/wp-gpx-maps-1123-arbitrary-file-upload</loc>
<lastmod>2012-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-cf7-database/peprodev-cf7-database-170-unauthenticated-stored-cross-site-scripting-via-form-submission</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mitm-bug-tracker/mitm-bug-tracker-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-add/landing-page-builder-1534-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-01-10T15:52:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-238-sql-injection</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7518727-stored-cross-site-scripting</loc>
<lastmod>2022-04-04T05:25:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-elementor-addons/wpzoom-addons-for-elementor-templates-widgets-1136-authenticated-contributor-stored-cross-site-scripting-via-image-box-widget</loc>
<lastmod>2024-05-14T10:38:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-67-missing-authorization-to-information-disclosure</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdesignkit/wdesignkit-1040-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-voice-mail/easy-voice-mail-125-unauthenticated-stored-cross-site-scripting-via-message</loc>
<lastmod>2026-02-13T16:18:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-image-replace/external-image-replace-108-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-style/contact-form-7-style-319-cross-site-request-forgery</loc>
<lastmod>2021-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-shortcode/event-espresso-custom-email-template-shortcode-100-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rara-business/rara-business-130-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder-pro/profile-builder-pro-3145-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-01T17:10:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-invoices-packing-slip-labels-for-woocommerce/woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-441-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amplus/amplus-unspecified-version-cross-site-request-forgery</loc>
<lastmod>2013-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe/iframe-40-stored-cross-site-scripting</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lockets/lockets-0999-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commons-booking/cb-legacy-09418-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-1121-unauthenticated-open-redirect-via-redirect_to-parameter</loc>
<lastmod>2026-02-17T16:15:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/advanced-contact-us-form-builder-for-wordpress-405-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets/code-snippets-391-authenticated-contributor-php-code-injection-via-extract-and-php-filter-chains</loc>
<lastmod>2025-11-18T19:03:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-freightquote-edition/ltl-freight-quotes-freightquote-edition-2311-missing-authorization</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-avatars/author-avatars-listblock-2117-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-blocks/wowstore-424-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-gateway/wp-mail-gateway-18-missing-authorization-to-authenticated-subscriber-smtp-configuration-modification-via-wmg_save_provider_config-ajax-action</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uicore-elements/uicore-elements-130-missing-authorization-to-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-08-11T17:05:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-for-font-awesome/block-for-font-awesome-144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zerobounce/zerobounce-email-verification-validation-1011-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cits-support-svg-webp-media-upload/cits-support-svg-webp-media-and-ttfotf-file-upload-210-authenticatedauthor-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoxhibit/photoxhibit-218-reflected-cross-site-scripting-via-gid</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-e-commerce-shopping-cart/simple-ecommerce-shopping-cart-plugin-sell-products-through-paypal-312-reflected-cross-site-scripting-via-monthly_sales_current_year-parameter</loc>
<lastmod>2024-12-06T21:16:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-changer/theme-changer-14-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-3215-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-verification/user-verification-1093-privilege-escalation</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder-block/popupkit-215-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-themes-demo-import/catch-themes-demo-import-21-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-openpos/woocommerce-openpos-644-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-square/woocommerce-square-511-unauthenticated-insecure-direct-object-reference-to-sensitive-information-exposure-in-get_token_by_id</loc>
<lastmod>2026-01-09T14:05:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taeggie-feed/taeggie-feed-0110-authenticated-contributor-stored-cross-site-scripting-via-name-attribute</loc>
<lastmod>2025-07-23T20:45:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/utubevideo-gallery/utubevideo-gallery-207-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-telegram-chat/wps-telegram-chat-460-authenticated-subscriber-unauthorized-access-to-telegram-bot-api</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medilink-core/medilink-core-207-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-205-cross-site-request-forgery-leading-to-settings-change</loc>
<lastmod>2021-07-27T04:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fgallery_plus/fgallery-plus-all-versions-reflected-cross-site-scripting</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-20250927-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-audit/content-audit-191-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-189-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addify-custom-registration-forms-builder/multiple-addify-plugins-various-versions-cross-site-request-forgery</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-1244-cross-site-request-forgery</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkview/checkview-form-checkout-testing-210-missing-authorization</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/modernee/modernee-160-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-one-category-of-posts/category-of-posts-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-member-subscriptions-2143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-432-cross-site-scripting</loc>
<lastmod>2016-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-source-control-isc/image-source-control-2290-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wa-sticky-button/wp-sticky-button-13-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-973-unauthenticated-sql-injection</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ps-ads-pro/ps-ads-pro-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-pay-counter/post-pay-counter-2731-php-object-injection</loc>
<lastmod>2017-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infomaniak-connect-openid/infomaniak-connect-for-openid-102-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-06T18:46:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-ptb-search/themify-ptb-search-addon-139-reflected-cross-site-scripting</loc>
<lastmod>2022-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpr-admin-amplify/admin-amplify-130-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-cross-site-request-forgery-via-give_cache_flush</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multilevel-referral-plugin-for-woocommerce/multilevel-referral-affiliate-plugin-for-woocommerce-227-reflected-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-travel-booking-wordpress-theme-2786-cross-site-scripting</loc>
<lastmod>2020-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaport/wp-live-chat-chatbots-plugin-for-wordpress-chaport-115-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-for-woocommerce/affiliate-for-woocommerce-470-missing-authorization</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7310-cross-site-request-forgery</loc>
<lastmod>2022-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-273-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16929-insecure-direct-object-reference-to-authenticated-staff-sensitive-information-exposure</loc>
<lastmod>2026-03-12T19:08:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-202-reflected-cross-site-scripting</loc>
<lastmod>2006-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-security-20226-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3218-missing-authorization-to-authenticated-contributor-rating-meta-update</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-453-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-pagespeed-insights/insights-from-google-pagespeed-406-multiple-cross-site-request-forgery</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-249-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-290-missing-authorization</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-21-directory-traversal</loc>
<lastmod>2007-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alink-tap/alink-tap-131-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-866-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2913-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wxsync/wxsync-280-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quizlord/quizlord-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensive-vc-addon/extensive-vc-addons-for-wpbakery-page-builder-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-posts/weaver-show-posts-16-authenticatedcontributor-stored-cross-site-scripting-via-display-name</loc>
<lastmod>2023-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-user-profile-user-registration-forms-361-cross-site-scripting-via-site_url-parameter</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-280-directory-traversal-to-arbitrary-file-deletion-and-denial-of-service</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-505-missing-authorization</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesking/salesking-1615-missing-authorization-to-settings-change</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1420-order-replay-vulnerability</loc>
<lastmod>2025-04-16T22:33:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3164-missing-authorization-to-arbitrary-attachment-read</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-as-customer-or-user/login-as-user-or-customer-21-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12316-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-elementor-flipbox/fancy-elementor-flipbox-251-authenticated-contributor-stored-cross-site-scripting-via-fancy-elementor-flipbox-widget</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-page/404-page-by-seedprod-101-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-1240-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-514-missing-authorization-to-authenticated-contributor-limited-page-content-modification</loc>
<lastmod>2026-05-04T19:57:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/google-analytics-by-monster-insights-8140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixmagix/pixmagix-172-authenticated-author-path-traversal-in-layersid-parameter</loc>
<lastmod>2026-06-29T16:17:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/presto-player/the-ultimate-video-player-for-wordpress-420-authenticated-contributor-stored-cross-site-scripting-via-link_url-shortcode-attribute</loc>
<lastmod>2026-06-11T12:49:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-coming-soon-redirect-animation/maintenance-coming-soon-redirect-animation-230-ip-spoofing-to-bypass</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-lms/designthemes-lms-104-unauthenticated-privilege-escalation</loc>
<lastmod>2025-12-02T07:26:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wp-business-directory-plugin-and-classified-listings-directory-28162-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayer/wp-prayer-154-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sw_maxshop/maxshop-3620-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-wp/affiliatewp-2091-reflected-cross-site-scripting</loc>
<lastmod>2017-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hd-quiz/hd-quiz-220-221-cross-site-request-forgery-via-multiple-ajax-handlers</loc>
<lastmod>2026-06-26T12:56:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpul-events-by-esotech/simpul-events-by-esotech-185-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slingblocks/slingblocks-gutenberg-blocks-by-funnelkit-formerly-woofunnels-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T16:47:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zenost-shortcodes/zenost-shortcodes-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:31:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booktics/booktics-1016-missing-authorization-to-get-items-via-rest-api-endpoints</loc>
<lastmod>2026-03-09T13:22:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/listing-classified-ads-business-directory-ulisting-205-reflected-cross-site-scripting</loc>
<lastmod>2021-07-27T04:26:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amerisale-re/amerisale-re-all-versions-reflected-cross-site-scripting</loc>
<lastmod>2013-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/juicer/juicer-1101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contests-from-rewards-fuel/contests-by-rewards-fuel-2065-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-logo-slider/gs-logo-slider-351-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/couponxl/couponxl-450-unauthenticated-privilege-escalation</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-313-cross-site-scripting</loc>
<lastmod>2020-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2065-cross-site-scripting</loc>
<lastmod>2016-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder-pro/profile-builder-pro-3140-unauthenticated-sql-injection</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-with-hypercommentscom/hypercomments-096-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-users/email-users-488-arbitrary-settings-update-via-cross-site-request-forgery</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptools/wp-tools-518-cross-site-request-forgery-to-arbitrary-file-renaming</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hot-random-image/hot-random-image-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myweather/addweather-251-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-132-reflected-cross-site-scripting-via-dnf</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertbox-auto-embed/convertbox-auto-embed-wordpress-plugin-1019-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commentluv/commentluv-2924-reflected-cross-site-scripting</loc>
<lastmod>2013-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-logout-register-menu/login-logout-register-menu-20-authenticated-contributor-stored-cross-site-scripting-via-llrmloginlogout-shortcode</loc>
<lastmod>2024-05-29T14:17:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-509-reflected-cross-site-scripting-via-a-0-o-search_field_value</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-360-authenticated-contributor-local-file-inclusion-via-price-menu-hotspot-and-advanced-toggle-widgets</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WHMpress_Client_Area_Api/whmpress-whmcs-client-area-43-revision-3-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7-1365-cross-site-request-forgery-in-dnd_upload_cf7_upload-and-dnd_codedropz_upload_delete</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bajaar/bajaar-highly-customizable-woocommerce-wordpress-210-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/freshio/freshio-242-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat2/chat2-40-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-329-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-283-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-wordpress-gallery-plugin-485-missing-authorization-to-authenticated-subscriber-gallery-manipulation</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-sort-and-display/product-sort-and-display-for-woocommerce-241-missing-authorization</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bebetter-social-icons/bebetter-social-icons-27-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-shopping-cart-6114-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-164-authenticated-contributor-stored-cross-site-scripting-via-sc_fs_local_business-shortcode</loc>
<lastmod>2025-07-23T20:37:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-recaptcha/login-no-captcha-recaptcha-1611-captcha-bypass-via-whitelisted-ip-address-spoofing</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sully/sully-430-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/question-answer/question-answer-1270-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-2481-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-link-manager/page-link-manager-10b-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-for-font-awesome/shortcode-for-font-awesome-14-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-membership/wcfm-membership-woocommerce-memberships-for-multivendor-marketplace-2118-insecure-direct-object-reference-to-update-membership-payment</loc>
<lastmod>2026-02-09T11:17:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-3202-authenticated-contributor-dom-based-stored-cross-site-scripting-via-path-widget</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/style-tweaker/style-tweaker-011-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/godaddy-email-marketing-sign-up-forms/godaddy-email-marketing-143-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-peertube-playlist/embed-peertube-playlist-107-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-5921-authenticated-contributor-stored-cross-site-scripting-via-twitter-feed</loc>
<lastmod>2024-05-29T18:31:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-activity-plus/buddypress-activity-plus-15-cross-site-request-forgery</loc>
<lastmod>2015-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sigmaforms-pro/sigma-forms-pro-145-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-affiliation/lws-affiliation-234-missing-authorization</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kalender-digital/calendaronline-kalenderdigital-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-1993-missing-authorization</loc>
<lastmod>2026-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arprice/arprice-413-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_purgecache_varnish_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-pro-454-free-227-cross-site-request-forgery-via-evo_eventpost_update_meta</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-353-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager-companies/wp-job-manager-company-profiles-17-reflected-cross-site-scripting</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-openstreetmap-603-authenticated-contributor-sql-injection</loc>
<lastmod>2024-07-08T20:10:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-event-manager/quick-event-manager-974-reflected-cross-site-scripting</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-31221-missing-authorization</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/performance-monitor/performance-monitor-106-unauthenticated-server-side-request-forgery-via-url-parameter</loc>
<lastmod>2026-03-20T15:10:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dealia-request-a-quote/dealia-request-a-quote-107-missing-authorization-to-authenticated-contributor-plugin-configuration-reset</loc>
<lastmod>2026-02-18T15:54:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/typofr/typofr-011-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-jquery-photo-gallery-slideshow-flash/zooeffect-111-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/craw-data/craw-data-100-server-side-request-forgery</loc>
<lastmod>2022-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-list-manager/video-list-manager-17-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/wp-all-export-pro-178-authenticated-remote-code-execution</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flaming-forms/flaming-forms-101-reflected-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-instagram-lite/gallery-for-social-photo-10025-subscriber-sql-injection</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.9/wordpress-core-591-jquery-prototype-pollution</loc>
<lastmod>2022-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-action-network/action-network-144-reflected-cross-site-scripting</loc>
<lastmod>2025-01-08T22:09:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-imageflow2/wp-flow-plus-525-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-75-missing-authorization</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-651-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcas/wpcas-107-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12225-missing-authorization</loc>
<lastmod>2026-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-657-missing-authorization</loc>
<lastmod>2022-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171056-unauthenticated-stored-cross-site-scripting-via-status-parameter-in-wpr_update_form_action_meta</loc>
<lastmod>2026-05-04T14:32:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gzseo/gzseo-2011-authenticated-contributor-authorization-bypass-to-stored-cross-site-scripting</loc>
<lastmod>2026-01-23T19:25:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-621-missing-authorization-to-authenticated-contributor-plugin-settings-update</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexoslider/flexoslider-10004-reflected-cross-site-scripting</loc>
<lastmod>2025-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/wp-all-export-pro-191-authenticated-shopmanager-arbtirary-options-update</loc>
<lastmod>2025-02-07T03:24:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laika-pedigree-tree/laika-pedigree-tree-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medizin/medizin-197-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/smsalert-woocommerce-375-authenticated-contributor-stored-cross-site-scripting-via-sa_subscribe-shortcode</loc>
<lastmod>2024-10-28T22:36:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-stock-manager/stock-manager-for-woocommerce-360-cross-site-request-forgery</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pkt1-centro-de-envios/pkt1-centro-de-envios-121-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traveler-code/traveler-code-311-unauthenticated-arbitrary-sql-injection</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-backup/database-backup-and-check-tables-automated-with-scheduler-2024-236-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verweise-wordpress-twitter/verweise-wordpress-twitter-10-2-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-world-maps/interactive-world-maps-2414-reflected-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clerkio/clerk-382-authorization-bypass-via-insufficient-validation</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3232-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-grid/video-grid-121-reflected-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bacon-ipsum/bacon-ipsum-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finance-calculator-with-application-form/financial-calculator-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:03:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-bar/notification-bar-22-cross-site-request-forgery</loc>
<lastmod>2025-10-02T22:34:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-656-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bm-builder/bm-content-builder-31633-authenticated-contributor-arbitrary-file-download</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-and-tips/quotes-and-tips-by-bestwebsoft-120-cross-site-scripting</loc>
<lastmod>2015-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-with-fancybox/popup-with-fancybox-35-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-styles/gallery-styles-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10263-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-20994-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mantenimiento-web/mantenimiento-web-08-cross-site-request-forgery</loc>
<lastmod>2022-10-31T15:54:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-277-unsafe-file-upload-to-cross-site-scripting</loc>
<lastmod>2020-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-524-server-side-request-forgery</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-scraper/amazon-scraper-11-cross-site-request-forgery-to-stored-cross-site-scripting-via-settings-update</loc>
<lastmod>2026-05-19T12:06:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-527-authenticated-agent-privilege-escalation</loc>
<lastmod>2026-03-02T11:03:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-mstoreapp-mobile-app/mstoreapp-mobile-208-901-unauthenticated-privilege-escalation</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-for-telcell/payment-gateway-for-telcell-203-open-redirect</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give-donation-modules-for-divi/give-divi-donation-modules-200-sensitive-information-dislcosure</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vapester/vapester-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posts-carousel/wp-posts-carousel-1312-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-gallery/wordpress-video-gallery-28-sql-injection</loc>
<lastmod>2015-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filter-plus/product-filtering-by-categories-tags-price-range-for-woocommerce-116-missing-authorization-to-unauthenticated-plugin-settings-modification</loc>
<lastmod>2025-12-11T15:04:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-paypal-gateway/payment-gateway-for-paypal-on-woocommerce-9053-missing-authorization</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printful-shipping-for-woocommerce/printful-integration-for-woocommerce-222-cross-site-request-forgery</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-701-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozap/wp-avcl-automation-helper-formerly-wpflyleads-34-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gatormail-smart-forms/gatormail-smartforms-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T19:03:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodatasource-country-region-dropdown/geodatasource-country-region-dropdown-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-font-replacement-4wp/dynamic-font-replacement-dfr4wp-en-13-en-sql-injection</loc>
<lastmod>2013-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vanguard/vanguard-marketplace-digital-products-php7-21-cross-site-scripting</loc>
<lastmod>2020-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rankology-seo-and-analytics-tool/rankology-seo-and-analytics-tool-20-incorrect-authorization-to-authenticated-editor-header-footer-code-creation</loc>
<lastmod>2026-01-06T19:26:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-career-openings/easy-career-openings-04-sql-injection</loc>
<lastmod>2013-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-direct-menus/bp-direct-menus-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:28:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybooktable/mybooktable-bookstore-360-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-optimize/lws-optimize-191-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-carousel-for-visual-composer/ultimate-carousel-for-wpbakery-page-builder-26-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/purchase-and-expense-manager/purchase-and-expense-manager-112-cross-site-request-forgery-to-arbitrary-purchase-record-deletion</loc>
<lastmod>2025-12-11T14:33:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-217-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/before-and-after/before-and-after-39-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-212-cross-site-scripting</loc>
<lastmod>2016-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-4912-reflected-cross-site-scripting</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-256-unauthenticated-authorization-bypass</loc>
<lastmod>2022-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/front-user-submit-495-open-redirect</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adirectory/adirectory-wordpress-directory-listing-plugin-23-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-personal-message/simple-personal-message-200-authenticated-sql-injection</loc>
<lastmod>2016-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-202-sensitive-information-exposure</loc>
<lastmod>2024-06-10T17:31:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmatic/replyable-subscribe-to-comments-and-reply-by-email-146-cross-site-scripting</loc>
<lastmod>2015-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor_widget_universal_video_player/universal-video-player-140-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketing-automation-by-azexo/marketing-automation-by-azexo-12780-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-12-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-07T14:41:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-star-rating-plugin-by-feedbackwp-424-unauthenticated-voting-on-scheduled-posts</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wwm-social-share-on-image-hover/wwm-social-share-on-image-hover-22-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-386-unauthenticated-arbitrary-shortcode-execution-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-engine/code-engine-033-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-177-authenticated-author-stored-cross-site-scripting-via-headerfooter</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-page-sidebars/unlimited-page-sidebars-026-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-5410-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyr3lat/cyr-to-lat-35-authenticated-sql-injection</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-elite-for-woocommerce/elite-booster-for-woocommerce-717-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-slider-responsive-image-slider-video-slider-post-slider-206-cross-site-request-forgery-via-save</loc>
<lastmod>2024-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-whatsapp-button/add-chat-app-button-215-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analyticswp/analyticswp-212-unauthenticated-sql-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-listings/job-listings-01-011-unauthenticated-privilege-escalation-via-register_action-function</loc>
<lastmod>2025-05-02T11:32:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-521-open-redirect</loc>
<lastmod>2021-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ultrapress/ultrapress-122-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woofunnels-aero-checkout/funnelkit-checkout-3103-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelkit-stripe-woo-payment-gateway/funnelkit-payment-gateway-for-stripe-woocommerce-11403-cross-site-request-forgery</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listihub/listihub-106-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluid-responsive-slideshow/fluid-responsive-slideshow-227-cross-site-request-forgery</loc>
<lastmod>2016-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2913-csv-injection</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-plant-a-tree/i-plant-a-tree-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/riode/riode-multi-purpose-woocommerce-1629-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cloudme/cloudme-cloud-storage-file-sharing-wordpress-theme-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convert-post-types/convert-post-types-14-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-contact/floating-contact-button-27-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-19-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4265-unauthenticated-bypass-to-user-registration</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listings-for-buildium/listings-for-buildium-015-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salert/salert-121-missing-authorization-via-salert_save_settings_with_ajax</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/miti/miti-153-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartcat-wpml/smartcat-translator-for-wpml-3172-authenticated-author-sql-injection-via-orderby-parameter</loc>
<lastmod>2025-09-10T18:45:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recently-purchased-products-for-woo/recently-purchased-products-for-woo-113-authenticated-contributor-stored-cross-site-scripting-via-view-parameter</loc>
<lastmod>2025-03-04T19:18:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/woof-products-filter-for-woocommerce-119-remote-code-execution</loc>
<lastmod>2018-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-wordpress-plugin-for-countdown-timer-counter-123-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/journey-analytics/journey-analytics-1012-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-random-posts/ajax-random-posts-033-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer/error-log-viewer-by-bestwebsoft-111-cross-site-request-forgery</loc>
<lastmod>2021-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-reminders/email-reminders-205-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-mailer/site-mailer-123-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T23:34:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cardealer/car-dealer-167-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-2checkout/2checkout-add-on-for-ithemes-exchange-110-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2315-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixtypes/pixtypes-1415-reflected-cross-site-scripting</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftcontroller/shiftcontroller-employee-shift-scheduling-4923-cross-site-request-forgery-via-get</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jvm-rich-text-icons/jvm-rich-text-icons-123-authenticatedsubscriber-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stagtools/stagtools-237-reflected-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-3211-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/webinarpress-1339-reflected-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-responsive-photo-gallery/image-gallery-responsive-photo-gallery-105-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-wp/hide-my-wp-ghost-7000-unauthenticated-open-redirect</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-0217-race-condition</loc>
<lastmod>2022-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11531-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontsampler/fontsampler-0412-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flex-guten/flex-guten-125-authenticated-contributor-stored-cross-site-scripting-via-thumbnailhovereffect-parameter</loc>
<lastmod>2025-08-05T13:00:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-post-metadata/display-post-metadata-140-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-image-slider-video-slider-31060-authenticated-editor-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopelement/shopelement-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woomotiv/live-sales-notification-for-woocommerce-woomotiv-343-cross-site-request-forgery-via-ajax_cancel_review</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-216-missing-authorization-to-unauthenticated-local-file-inclusion-arbitrary-settings-update-and-user-creation</loc>
<lastmod>2024-09-03T14:04:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-daylight-edition/ltl-freight-quotes-daylight-edition-227-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-gift-cards/yith-woocommerce-gift-cards-4120-missing-authorization-to-unauthenticated-woocommerce-settings-update</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmagthemes-demo-import/postmagthemes-demo-import-107-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4165-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/about-me/about-me-1012-missing-authorization</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-multi-currency/curcy-2125-missing-authorization-to-currency-exchange-retrieval</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-09105-sensitive-information-exposure</loc>
<lastmod>2024-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-for-visual-composer/image-hover-effects-for-wpbakery-page-builder-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-712-authenticated-contributor-stored-cross-site-scripting-via-button_label-parameter</loc>
<lastmod>2024-10-01T21:01:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5193-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediaview/mediaview-112-reflected-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-03-26T12:57:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-520-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-google-map-plugin-237-reflected-cross-site-scripting</loc>
<lastmod>2015-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-dashboard-rss-feed/admin-dashboard-rss-feed-34-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-manager/review-manager-220-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-core/extensions-by-hocwp-team-0232-authentication-bypass</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-commander-client/cms-commander-2287-authorization-bypass-through-use-of-insufficiently-unique-cryptographic-signature</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alright/alright-161-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgs-core/pgs-core-580-unauthenticated-sql-injection</loc>
<lastmod>2025-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/image-gallery-photo-grid-video-gallery-21228-improper-authorization-to-authenticated-author-arbitrary-image-file-move</loc>
<lastmod>2025-11-14T16:51:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventlist/event-list-192-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gps-plotter/gps-plotter-530-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-209-cross-site-request-forgery</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-10141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-cross-site-scripting-via-template-name</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-essential-kit-for-woocommerce-1/yith-essential-kit-for-woocommerce-1-2340-missing-authorization-to-authenticated-subscriber-limited-plugin-install-activation-and-deactivation</loc>
<lastmod>2024-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-cross-site-request-forgery-to-settings-update-in-optimizeallon</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superb-social-share-and-follow-buttons/superb-social-media-share-buttons-and-follow-buttons-113-missing-authorization-via-spbsmajax</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-175-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-111513-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-webclap-for-wordpress/yet-another-webclap-for-wordpress-02-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-05T16:45:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coschedule-by-todaymade/coschedule-338-cross-site-request-forgery</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-register-profile-with-shortcode/wp-register-profile-with-shortcode-359-cross-site-request-forgery-to-user-password-reset</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xlsx-viewer/xlsxviewer-211-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beds24-online-booking/beds24-online-booking-2023-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cafe-lite/clever-addons-for-elementor-219-authenticated-contributor-stored-cross-site-scripting-via-multiple-cafe-widgets</loc>
<lastmod>2024-06-05T13:03:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-polo-payments/polopag-pix-automtico-para-woocommerce-209-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-registration-contact-form-7/frontend-registration-contact-form-7-51-authenticated-editor-privilege-escalation</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-516-reflected-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-audio-player/html5-audio-player-best-wordpress-audio-player-plugin-2219-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-optimizer-lite/link-optimizer-lite-145-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-332-cross-site-request-forgery-via-permalink_setup</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bcm-duplicate-menu/bcm-duplicate-menu-112-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smarty-for-wordpress/smarty-for-wordpress-3135-cross-site-request-forgery-via-displaysmartymanagementpage</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeslot/time-slot-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oliver-pos/oliver-pos-2426-unauthenticated-authorization-bypass-through-user-controlled-key-to-oliverauth-header</loc>
<lastmod>2026-05-19T12:03:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-1102-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2014-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordlift/wordlift-ai-powered-seo-schema-3542-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-01-06T15:41:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/multioffice/multioffice-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-272-sql-injection</loc>
<lastmod>2016-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cross-rss/cross-rss-17-path-traversal</loc>
<lastmod>2014-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safe-svg/svg-sanitizer-library-0154-cross-site-scripting-bypass</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcomplete/wpcomplete-2955-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeruby-multi-authors/themeruby-multi-authors-100-authenticated-contributor-stored-cross-site-scripting-via-before-and-after-shortcode-attributes</loc>
<lastmod>2026-01-23T19:24:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onlywire-multi-autosubmitter/onlywire-multi-autosubmitter-124-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uichemy/uichemy-442-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-306-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-563-missing-authorization</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-274-missing-authorization</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-179-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-clock-232-pro-features-lock-bypass</loc>
<lastmod>2022-04-28T12:59:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/morningtime-lite/morningtime-lite-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-event-lite/fat-event-lite-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-media-directory/simple-video-directory-142-unauthenticated-sql-injection</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/woocommerce-amazon-affiliates-wordpress-plugin-14010-unauthenticated-sql-injection</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-invoices/easy-digital-downloads-invoices-103-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-331-cross-site-request-forgery-in-crpclearcache</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-notification-bar/wordpress-notification-bar-1310-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/wordpress-social-login-and-register-discord-google-twitter-linkedin-7514-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-4512-unauthenticated-stored-cross-site-scripting-via-referer-header</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-last-modified-info/wp-last-modified-info-195-insecure-direct-object-reference-to-authenticated-author-post-metadata-modification</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-112-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-update-variations-in-cart/woo-update-variations-in-cart-009-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leco-client-portal/client-portal-pro-562-authenticated-cp-client-arbitrary-file-download</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-725-authenticated-administrator-directory-traversal</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-block-editor/nexter-blocks-454-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-08-18T19:56:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-recommend-this/i-recommend-this-372-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2014-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-page-builder-4111-reflected-cross-site-scripting</loc>
<lastmod>2021-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/coming-soon-page-by-seedprod-511-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ravpage/ravpage-240-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-image/popup-image-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-users-disable/disable-user-login-101-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-wpdevart-3211-authenticated-admin-sql-injection</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toocheke-companion/toocheke-companion-1194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-to-zapier/cf7-to-webhook-500-unauthenticated-server-side-request-forgery-via-cf7-field-placeholder-in-webhook-url-host</loc>
<lastmod>2026-06-17T18:15:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-sensitive-information-disclosure</loc>
<lastmod>2018-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-341-cross-site-request-forgery</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-3910-authenticatedcontributor-stored-cross-site-scripting-via-pdf-widget-url</loc>
<lastmod>2024-06-12T20:25:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thecartpress/thecartpress-ecommerce-shopping-cart-115-cross-site-scripting</loc>
<lastmod>2011-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-and-footer-script-adder/header-footer-script-adder-insert-code-in-header-body-footer-205-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T15:27:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-174-missing-authorization-to-csv-import</loc>
<lastmod>2020-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher-for-woocommerce/currency-switcher-for-woocommerce-007-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1265-cross-site-request-forgery</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41027-authenticated-contributor-stored-cross-site-scripting-via-button</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zoya/zoya-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-5263-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-dashboard/material-dashboard-145-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-core/thim-core-233-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consulting-elementor-widgets/consulting-elementor-widgets-130-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sis-handball/sis-handball-1045-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yasr-yet-another-stars-rating-299-cross-site-scripting-via-source</loc>
<lastmod>2022-02-03T21:54:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-framework/redux-framework-458-authenticated-contributor-stored-cross-site-scripting-via-data-parameter</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3124-reflected-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-converter/post-type-converter-06-cross-site-request-forgery</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-shortcodes/themify-shortcodes-213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shariff/shariff-wrapper-469-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nicejob/nicejob-364-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-blocks-for-gutenberg/premium-blocks-gutenberg-blocks-for-wordpress-2127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-3217-subscriber-reflected-cross-site-scripting</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha/captcha-436-444-plugin-backdoor</loc>
<lastmod>2017-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-479-missing-authorization</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1235-unauthenticated-sql-injection-via-search</loc>
<lastmod>2025-11-15T15:54:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-edit-post-titles/bulk-edit-post-titles-500-missing-authorization-via-bulkupdateposttitles</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-booking-calendar/wp-simple-booking-calendar-2010-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T18:24:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boilerplate-extension/mainwp-boilerplate-extension-41-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-2996-cross-site-scripting</loc>
<lastmod>2019-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porn-videos-embed/porn-videos-embed-091-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-form/hash-form-drag-drop-form-builder-119-unauthenticated-limited-file-upload</loc>
<lastmod>2024-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-sendinblue/yaysmtp-13-authenticated-administrator-sql-injection</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-geo-posts-free/my-geo-posts-free-12-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgform/google-forms-090-unauthenticated-php-object-injection</loc>
<lastmod>2017-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-events/event-management-events-calendar-rsvp-event-tickets-plugin-384-cross-site-scripting</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-checkout-field/woo-custom-checkout-field-135-cross-site-scripting</loc>
<lastmod>2016-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-lead-form/video-lead-form-06-cross-site-scripting</loc>
<lastmod>2012-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awin-data-feed/awin-data-feed-17-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-comment-spam/stop-comment-spam-053-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggbox-widget/taggbox-31-unauthenticated-php-object-injection</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-search/advance-search-112-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label-cms/white-label-cms-24-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1841-authenticated-contributor-sql-injection-via-compact_album_order_by-shortcode-parameter</loc>
<lastmod>2026-06-05T15:34:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-monster/travel-monster-133-missing-authorization</loc>
<lastmod>2026-01-13T13:56:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets/code-snippets-2143-reflected-cross-site-scripting</loc>
<lastmod>2022-05-18T13:17:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-invalid-click-protector/ad-invalid-click-protector-aicp-1252-cross-site-request-forgery-to-arbitrary-ban-deletion</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5-stars-rating-funnel/5-star-review-funnel-for-google-reviews-trustpilot-provenexpert-and-more-rratingg-1267-missing-authorization</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tapfiliate/tapfiliate-322-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-250-insecure-direct-object-reference-to-arbitrary-email-sending</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41031-authenticated-contributor-dom-based-stored-cross-site-scripting-via-global-tooltip</loc>
<lastmod>2024-05-30T17:09:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-touch-slider/wp-touch-slider-22-reflected-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telsender/telsender-11414-unauthenticated-stored-cross-site-scripting-via-telegram-chat-title</loc>
<lastmod>2026-01-27T21:48:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-281-open-redirect</loc>
<lastmod>2008-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricksbuilder-1961-authenticated-contributor-privilege-escalation-via-create_autosave</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/responsive-image-gallery-gallery-album-203-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13976-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-your-smart-pixel-tag-manager-9611-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-11-sql-injection</loc>
<lastmod>2008-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-wordfence-extension/mainwp-various-extensions-cross-site-request-forgery</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thumbs-rating/thumbs-rating-500-race-condition</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-analytics-events/wp-google-analytics-events-280-reflected-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfit-woocommerce/perfit-woocommerce-101-missing-authorization-to-unauthenticated-arbitrary-plugin-settings-deletion</loc>
<lastmod>2026-01-13T17:28:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-better-seo-and-uex-for-your-wp-site-334-reflected-cross-site-scripting</loc>
<lastmod>2016-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foodbakery-sticky-cart/foodbakery-sticky-cart-32-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-block/form-block-101-cross-site-request-forgery</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-704-unauthenticated-arbitrary-content-injection</loc>
<lastmod>2023-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gigpress/gigpress-2328-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-602-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-workflow-automation-lite/ai-workflow-automation-142-missing-authorization</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-disclaimer/wp-post-disclaimer-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementary-addons/elementary-addons-204-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-bank/gallery-bank-wordpress-photo-gallery-plugin-3061-arbitrary-file-upload</loc>
<lastmod>2014-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-download-light/wp-file-download-light-133-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-dj-manager/mdjm-event-management-1781-missing-authorization-to-unauthenticated-arbitrary-custom-event-field-deletion</loc>
<lastmod>2026-03-06T11:57:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-stripe-free/stripe-payment-forms-by-wp-full-pay-accept-credit-card-payments-donations-subscriptions-841-missing-authorization</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classifieds-listing-143-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appmaps/appmaps-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-bannerWithPlaylist/lambertgroup-allinone-banner-with-playlist-38-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popular-posts/wordpress-popular-posts-532-authenticated-arbitrary-file-upload</loc>
<lastmod>2021-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inject/imageinject-115-cross-site-scripting</loc>
<lastmod>2018-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-popups/nelio-popups-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zajax-ajax-navigation/zajax-ajax-navigation-04-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-icon-banner-for-visual-composer/essential-doo-components-for-visual-composer-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-advanced/tinymce-advanced-419-cross-site-request-forgery</loc>
<lastmod>2014-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-907-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-wordpress-table-plugin-139-reflected-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anber-elementor-addon/anber-elementor-addon-101-authenticated-contributor-stored-cross-site-scripting-via-banner-button-link</loc>
<lastmod>2025-08-15T14:49:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wikiloops-track-player/wikiloops-track-player-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-06T20:25:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-plugin-deactivation</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-2108-unauthenticated-reflected-cross-site-scripting-via-message-parameter</loc>
<lastmod>2026-02-18T16:17:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2384-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-width-responsive-slider-wp/full-width-banner-slider-wp-117-reflected-cross-site-scripting-via-search_term</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-423-authenticated-sql-injection</loc>
<lastmod>2017-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abwp-simple-counter/simple-counter-103-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatewoo/automatewoo-575-missing-authorization</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-currency/wbw-currency-switcher-165-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-includes-pages/rss-includes-pages-36-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/resoto/resoto-108-missing-authorization-leading-to-authenticated-subscriber-arbitrary-plugin-activation</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-carousel-block/b-carousel-block-responsive-image-and-content-carousel-115-missing-authorization-to-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-11-04T17:38:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printcart-integration/printcart-web-to-print-product-designer-for-woocommerce-240-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spicy-blogroll/spicy-blogroll-100-local-file-inclusion</loc>
<lastmod>2013-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-catalog-for-woocommerce/pdf-catalog-for-woocommerce-1118-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T16:30:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-honeypot-anti-spam-by-cleantalk-671-authorization-bypass-via-reverse-dns-ptr-record-spoofing-to-unauthenticated-arbitrary-plugin-installation</loc>
<lastmod>2026-02-14T14:21:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avcp/anac-xml-bandi-di-gara-75-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcodefactory-helper/wpfactory-helper-170-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T15:26:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/html5-video-player-embed-and-play-videos-in-custom-player-2110-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpseo-local/yoast-seo-local-149-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-1139-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T15:35:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1171-missing-authorization-via-save_popup_enabled_state</loc>
<lastmod>2023-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-lite-plugin-2011-cross-site-scripting</loc>
<lastmod>2019-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendor-marketplace-solution-for-woocommerce-wc-marketplace-384-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intergeo-maps/google-maps-plugin-by-intergeo-232-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/use-any-font/use-any-font-620-unauthenticated-arbitrary-css-appending</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-511-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erident-custom-login-and-dashboard/erident-custom-login-and-dashboard-358-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-feeds/twitter-feeds-100-authenticated-contributor-cross-site-scripting-via-tweet_title-shortcode-attribute</loc>
<lastmod>2026-03-20T15:08:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-regenerate-select-crop/image-regenerate-select-crop-710-missing-authorization</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik-mortgage-calculator/mortgage-calculator-estatik-2011-reflected-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagelinks-interactive-image-builder-lite/imagelinks-interactive-image-builder-for-wordpress-153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedesin-html-sitemap/digihood-html-sitemap-311-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-cross-site-request-forgery-via-save</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grip/grip-109-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-5631-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jibu-pro/jibu-pro-17-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwebpro-store-locator/g-web-pro-store-locator-21-reflected-cross-site-scripting</loc>
<lastmod>2024-12-20T18:44:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-20-path-traversal</loc>
<lastmod>2014-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webapp-builder/webapp-builder-20-arbitrary-file-upload</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-shipping/flexible-shipping-42415-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uix-shortcodes/uix-shortcodes-203-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts/limit-login-attempts-171-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-visual-composer-75-authenticated-contributor-stored-cross-site-scripting-via-post-author</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-414-directory-traversal</loc>
<lastmod>2014-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trusty-whistleblowing-solution/trusty-whistleblowing-201-missing-authorization</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activehelper-livehelp/activehelper-livehelp-live-chat-315-reflected-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-148-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reales-wp-real-estate-wordpress-theme/reales-wp-real-estate-wordpress-theme-212-missing-authorization-to-unauthenticated-attachment-deletion-and-favorite-property-updates</loc>
<lastmod>2025-04-23T19:41:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noo-visionary-core/visionary-core-149-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/uppercase/uppercase-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-monster/event-monster-120-authenticated-administrator-sql-injection</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mikado-core/mikado-core-152-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-09-08T17:10:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-widgets-suite/dashboard-widgets-suite-341-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ldap-login/simple-ldap-login-160-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-memory/memory-usage-398-cross-site-request-forgery-to-limited-plugin-installation-via-wpmemory_install_plugin-function</loc>
<lastmod>2025-07-26T16:22:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libsyn-podcasting/libsyn-publisher-hub-132-sensitive-information-exposure</loc>
<lastmod>2023-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-ai-powered-classified-ads-business-directory-plugin-538-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kenta-blocks/kenta-blocks-responsive-blocks-and-block-templates-library-139-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divelogs-widget/divelogs-widget-15-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:46:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-205-authenticated-contributor-stored-cross-site-scripting-via-advanced-text-block-widget</loc>
<lastmod>2024-06-11T08:10:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trust-payments-gateway-3ds2/trust-payments-gateway-3ds2-122-cross-site-request-forgery</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-contact-form-widget/contact-form-widget-142-cross-site-request-forgery</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shipengine-shipping-quotes/shipengine-shipping-quotes-107-unauthenticated-sql-injection</loc>
<lastmod>2025-02-11T21:10:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-5051-missing-authorization-via-delete_pageview</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-to-excel/database-to-excel-10-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-332-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2026-01-27T06:06:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-fitrush/fitrush-134-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/koalendar-free-booking-widget/koalendar-events-appointments-booking-calendar-102-authenticated-contributor-stored-cross-site-scripting-via-height-parameter</loc>
<lastmod>2024-12-13T15:48:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-image-optimizer-all-in-one-62001-open-redirect-via-css</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33201-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-by-custom-tax/woocommerce-products-by-custom-tax-22-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T15:00:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bridge-core/bridge-core-331-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneclick-whatsapp-order/oneclick-chat-to-order-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chordpress/lewe-chordpress-397-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedocs/wedocs-ai-powered-knowledge-base-docs-documentation-wiki-ai-chatbot-2115-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-08T17:31:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dans-gcal/dans-embedder-for-google-calendar-12-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/da-reactions/da-reactions-515-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-326-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-122331-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-emoji-one/wp-emoji-one-060-cross-site-request-forgery</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickdesk-live-support-chat-plugin/live-chat-from-clickdesk-live-chat-help-desk-plugin-for-websites-20-cross-site-scripting</loc>
<lastmod>2011-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-3732-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-shortcode/google-map-shortcode-312-reflected-cross-site-scripting</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-362-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cool-tag-cloud/cool-tag-cloud-225-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-widget/rss-feed-widget-300-reflected-cross-site-scripting-via-_serverrequest_uri</loc>
<lastmod>2024-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-attachment-export/wp-attachment-export-024-arbitrary-file-download</loc>
<lastmod>2015-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tidio-live-chat/tidio-live-chat-chatbots-email-integration-520-sensitive-information-disclosure</loc>
<lastmod>2022-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-868-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3216-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-11-05T19:34:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embed-thumbnail-generator/videopack-formerly-video-embed-thumbnail-generator-20-remote-code-execution</loc>
<lastmod>2012-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-lite/contact-form-plugin-1125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mega-store-woocommerce/mega-store-woocommerce-59-missing-authorization-to-authenticated-subscriber-arbitrary-page-creation-and-settings-change</loc>
<lastmod>2026-02-18T15:50:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-menu/wp-mobile-menu-2843-cross-site-request-forgery</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-form-iii/wp-contact-form-iii-162d-reflected-cross-site-scripting</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-downloads-list/simple-downloads-list-143-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-11-07T14:19:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-party/illi-link-party-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1091-remote-code-execution</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-plugin/gallery-by-bestwebsoft-469-authenticated-author-sql-injection</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edoc-employee-application/edoc-employee-job-application-113-reflected-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-102521-missing-authorization</loc>
<lastmod>2025-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-popular-posts-plugin-for-wordpress-324-missing-authorization-on-tptn_chart_data</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-6710-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-820-insecure-direct-object-reference-to-account-address-disclosure</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-google-analytics-widget/show-google-analytics-widget-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-catalog-8/product-catalog-8-120-sql-injection</loc>
<lastmod>2016-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailster/mailster-103-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-blocks/vk-blocks-19422-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-03-06T21:13:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1364-local-file-inclusion</loc>
<lastmod>2016-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iubenda-cookie-law-solution/iubenda-235-failure-to-restrict-url-protocol</loc>
<lastmod>2020-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-217-missing-authorization-to-authenticated-subscriber-assistant-update</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alt-manager/image-alt-text-manager-182-authenticated-author-stored-cross-site-scripting-via-post-title</loc>
<lastmod>2026-03-20T10:42:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kbucket/kbucket-416-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-booster/wp-db-booster-101-cross-site-request-forgery-to-database-cleanup</loc>
<lastmod>2025-12-19T15:05:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/socialv/socialv-social-network-and-community-buddypress-theme-2015-missing-authorization-to-arbitrary-file-download</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-203-remote-code-execution</loc>
<lastmod>2006-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mashsharer/social-media-share-buttons-381-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-16T15:39:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invoice-creator/invoice-generator-100-unauthenticated-account-takeover-via-weak-password-reset-validation-via-reset_user_id-parameter</loc>
<lastmod>2026-06-23T16:37:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mt-addons-for-elementor/mt-addons-for-elementor-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hover-effects/hover-effects-212-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-wp-lms-for-elearning-online-courses-quizzes-various-versions-authenticated-student-privilege-escalation</loc>
<lastmod>2025-11-12T14:27:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-362-unauthenticated-information-exposure</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zita-site-library/zita-elementor-site-library-163-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-15T21:49:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bee-layer-slider/bee-layer-slider-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-price-list/stylish-price-list-690-arbitrary-image-upload</loc>
<lastmod>2021-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rapidexpcart/rapidexpcart-10-authenticated-level-8administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-hubspot/crm-perks-various-plugins-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2021-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-video-presentation/videowhisper-video-presentation-414-arbitrary-file-upload</loc>
<lastmod>2015-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotlight-social-photo-feeds/spotlight-social-media-feeds-171-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnisend-connect/email-marketing-for-woocommerce-by-omnisend-1138-sensitive-information-exposure</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-942-postmessage-based-cross-site-scripting</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-designer-pro/woocommerce-designer-pro-1926-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/idealauto/idealauto-386-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-app/mobile-app-canvas-382-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-202-reflected-cross-site-scripting</loc>
<lastmod>2014-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/style-admin/style-admin-143-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wproject/wproject-580-missing-authorization-to-unauthenticated-content-modification-and-deletion</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themegrill-demo-importer/themegrill-demo-importer-2006-missing-authorization</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/athens/athens-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-2126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11318-unauthenticated-time-based-sql-injection-via-map_post_type-parameter</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-203-unauthorized-form-submission-via-disabled-forms</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/method/method-21-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aone-sms/service-finder-sms-system-200-authentication-bypass</loc>
<lastmod>2025-09-18T16:13:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-167-unauthenticated-csv-injection</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-70-unauthenticated-sql-injection-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/igniteup/igniteup-coming-soon-and-maintenance-mode-340-information-disclosure</loc>
<lastmod>2019-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-253-cross-site-request-forgery</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-139-authenticated-admin-os-command-injection-via-url</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfmatters/perfmatters-220-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-visual-whmcs-element/wpbakery-visual-composer-whmcs-elements-104-authenticated-contributor-stored-cross-site-scripting-via-void_wbwhmcse_laouts_search-shortcode</loc>
<lastmod>2024-11-20T13:55:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-398-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-5023-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basepress/knowledge-base-documentation-wiki-plugin-basepress-2161-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-320-authenticated-admin-cross-site-scripting-and-missing-authorization-checks</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-login-register/houzez-login-register-325-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2024-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-ultimate-wordpress-fse-blocks-addons-ecosystem-353-authenticated-contributor-stored-cross-site-scripting-via-separatoriconsvg</loc>
<lastmod>2026-05-04T14:22:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-geo-posts-free/my-geo-posts-free-12-php-object-injection</loc>
<lastmod>2017-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-manager-wp/blog-manager-wp-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-comment-fields/comments-extra-fields-for-postpages-and-cpt-50-missing-authorization</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-5111-authenticated-subscriber-path-traversal</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-404-to-parent/redirect-404-to-parent-131-reflected-cross-site-scripting</loc>
<lastmod>2021-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hostmev2/hostme-v2-70-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-authenticated-contributor-stored-cross-site-scripting-via-give_form_grid-shortcode</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/builderpress/builderpress-201-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdevart-pricing-table/pricing-table-builder-151-cross-site-request-forgery</loc>
<lastmod>2025-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brid-video-easy-publish/target-video-easy-publish-383-authenticated-contributor-stored-cross-site-scripting-via-brid_override_yt-shortcode</loc>
<lastmod>2025-01-28T22:37:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themebeez-toolkit/themebeez-toolkit-135-missing-authorization</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-content/nelio-content-405-missing-authorization</loc>
<lastmod>2025-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-22-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tagembed-widget/tagembed-embed-twitter-feed-google-reviews-youtube-videos-tiktok-rss-feed-more-social-media-feeds-48-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-2741-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-107732-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-12-15T10:11:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-554-authenticated-contibutor-stored-cross-site-scripting-via-hover-card</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-album-gallery/album-gallery-wordpress-gallery-163-authenticated-editor-php-object-injection-via-gallery-meta</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accesspress-anonymous-post/accesspress-anonymous-post-284-authenticated-contributor-arbitrary-redirect</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-news-woocommerce-wordpress-theme-67-arbitrary-options-update</loc>
<lastmod>2016-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omni-secure-files/omni-secure-files-0113-arbitrary-file-upload</loc>
<lastmod>2012-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-recommend-this/i-recommend-this-383-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp/wp-chat-app-363-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business/business-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expand-maker/read-more-accordion-357-authenticated-administrator-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-05-19T12:12:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecab-taxi-booking-manager/taxi-booking-manager-for-woocommerce-121-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optimize/wp-optimize-452-authenticated-author-arbitrary-file-deletion-via-original-file-post-meta</loc>
<lastmod>2026-05-06T15:34:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zikzag-core/zikzag-core-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blobinator/kontxt-content-advisor-22-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robokassa/robokassa-payment-gateway-for-woocommerce-181-reflected-cross-site-scripting</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mingle-forum/mingle-forum-10333-stored-cross-site-scripting</loc>
<lastmod>2013-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-event-calendar/timely-all-in-one-events-calendar-110-cross-site-scripting</loc>
<lastmod>2013-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-101415-authenticated-editor-sql-injection</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustmate-io-integration-for-woocommerce/trustmateio-integration-for-woocommerce-1812-authenticated-subscriber-arbitrary-blog-option-update</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-crm-forms/zoho-crm-lead-magnet-1788-reflected-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clock-in-portal/clock-in-portal-21-cross-site-request-forgery-to-designation-deletion</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-837-arbitrary-file-upload</loc>
<lastmod>2020-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendsms/sendsms-129-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-wordpress-search-plugin-555-missing-authorization-to-authenticated-subscriber-index-creation</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/themify-ultra/themify-ultra-735-privilege-escalation</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-labels/advanced-woo-labels-product-labels-for-woocommerce-193-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-missing-authorization-to-settings-update-in-disableoptimization</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drm-protected-video-streaming/s3player-woocommerce-elementor-integration-421-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-322-admin-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5102-authenticated-contributor-stored-cross-site-scripting-via-open-map-widget</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/runners-log/runners-log-392-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T17:54:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-cost-calculator/stylish-cost-calculator-831-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-09T14:36:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-elementor-for-woocommerce/envos-elementor-templates-widgets-for-woocommerce-144-cross-site-request-forgery-via-ajax_plugin_activation</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13975-authenticated-contributor-stored-cross-site-scripting-via-back-to-top-widget</loc>
<lastmod>2024-05-31T17:38:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-imageflow2/wp-flow-plus-523-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-google-tag-manager/add-custom-google-tag-manager-103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turbosmtp/turbosmtp-46-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notify-odoo/notify-odoo-101-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-05-14T18:52:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-gutenberg-blocks-21917-unauthenticated-information-disclosure-in-sensitive-data</loc>
<lastmod>2026-02-02T16:58:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twchat/two-way-chat-send-or-receive-messages-to-your-user-314-cross-site-request-forgery</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antideo-email-validator/antideo-email-validator-1010-unauthenticated-sql-injection</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-enabledisable-dark-mode</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-1803-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popups-lite/wp-popups-2148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-seo-pack/premium-seo-pack-wp-seo-plugin-16002-unauthenticated-information-exposure</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-structured-data-schema/schema-plugin-for-divi-gutenberg-shortcodes-432-authenticated-contributor-object-instantiation</loc>
<lastmod>2025-10-02T22:14:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/buddyboss-theme/buddyboss-theme-2460-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-options/widget-options-4061-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/education-base/education-base-308-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/winterlock/cross-site-request-forgery-124-cross-site-request-forgery</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberpress/memberpress-1120-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ajax-page-loader/advanced-ajax-page-loader-277-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1410-cross-site-scripting</loc>
<lastmod>2014-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpl/copperleaf-photolog-016-sql-injection</loc>
<lastmod>2010-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3012-open-redirect</loc>
<lastmod>2018-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-guide/easy-guide-100-unauthenticated-sql-injection</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-reviews/affiliate-reviews-106-authenticated-contributor-stored-cross-site-scripting-via-numcolumns-parameter</loc>
<lastmod>2025-07-15T18:16:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dpepress/dpepress-03-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-20T20:34:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-162447-reflected-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/two-factor-login-telegram/wp-2fa-with-telegram-30-two-factor-authentication-bypass</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-330-unauthenticated-csv-injection</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-baidu-map/wp-baidu-map-122-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-29T14:00:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ship-per-product/ship-per-product-210-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-category-management/wp-media-category-management-22-reflected-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-plus/social-share-icons-social-share-buttons-362-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpo365-login/wpo365-400-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideal-wp-login-logo-changer/custom-login-logo-117-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-functions-time/find-slow-functions-actions-filters-hooks-140-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-customer-satisfaction-survey-chat-survey-calculaton-form-payment-surveys-428-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-photo-feed/simple-photo-feed-140-missing-authorization</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-supreme/team-members-87-authenticated-administrator-stored-cross-site-scripting-via-custom_css-parameter</loc>
<lastmod>2026-06-29T14:28:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7116-authenticated-admin-sql-injection-via-entry</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-sitemap-generator/companion-sitemap-generator-4511-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-businessdirectory/wp-businessdirectory-315-reflected-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goolytics-simple-google-analytics/goolytics-simple-google-analytics-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sydney-toolbox/sydney-toolbox-128-authenticated-contributor-stored-cross-site-scripting-via-filterable-gallery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-836-insecure-direct-object-reference-to-authenticated-author-arbitrary-attachment-deletion-and-rename</loc>
<lastmod>2026-02-13T22:18:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatlive/chatlive-201-unauthenticated-sql-injection</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexi/flexi-428-authenticated-contributor-stored-cross-site-scripting-via-flexi-form-tag-shortcode</loc>
<lastmod>2025-10-02T22:16:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-3182-reflected-cross-site-scripting</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reveal-listing/reveal-listing-33-unauthenticated-privilege-escalation</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scriptless-social-sharing/scriptless-social-sharing-330-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-admin-logo-changer/wp-admin-logo-changer-10-plugins-settings-update-via-cross-site-request-forgery</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mrkv-vchasno-kasa/vchasno-kasa-103-unauthenticated-log-file-clearing</loc>
<lastmod>2025-07-18T17:11:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-font-awesome-share-icons/wp-font-awesome-share-icons-111-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-21T18:38:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-3292-missing-authorization-to-authenticated-subscriber-account-takeover-via-user_id-url-query-parameter</loc>
<lastmod>2026-05-27T14:51:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/removehide-author-date-category-like-entry-meta/removehide-author-date-category-like-entry-meta-21-cross-site-request-forgery</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-image-alt-text-generator-for-wp/ai-image-alt-text-generator-for-wp-115-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretix-widget/pretix-widget-105-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forumwp/forumwp-forum-discussion-board-212-reflected-cross-site-scripting-via-url-parameter</loc>
<lastmod>2024-12-05T19:44:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-addon-for-elementor/image-hover-effects-elementor-addon-133-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aurum/aurum-wordpress-woocommerce-shopping-theme-402-missing-authorization-to-authenticated-subscriber-demo-content-import</loc>
<lastmod>2025-01-06T17:57:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-booking-engine/ezee-online-hotel-booking-engine-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-antivirus-firewall/security-antivirus-firewall-saf-235-ip-address-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsite-follow-us-badges/follow-us-badges-3111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/todays-date-inserter/todays-date-inserter-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-727-cross-site-request-forgery-to-library-settings-reset</loc>
<lastmod>2021-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7115-authenticatedcontributor-sensitive-information-exposure-via-form-entries</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-1568-multiple-reflected-cross-site-scripting</loc>
<lastmod>2021-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-wp-page-to-static-html/export-wp-page-to-static-html-pdf-434-unauthenticated-cookie-exposure-via-log-file</loc>
<lastmod>2025-12-12T15:39:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-list-manager/link-list-manager-10-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-wc-product-import-export/csv-product-import-export-for-woocommerce-100-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgetapi/wpget-api-2210-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-03-06T20:56:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gumroad/gumroad-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-132-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scheduled-posts/schedulepress-504-insufficient-authorization-to-authenticated-contributor-arbitrary-post-modifications</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ads-manager/simple-ads-manager-2594-2596-information-disclosure</loc>
<lastmod>2015-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-312-authenticated-contributor-dom-based-stored-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2025-05-22T19:56:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-tabs/tabs-406-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration/event-registration-60003-sql-injection</loc>
<lastmod>2010-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whydowork-adsense/whydowork-adsense-12-cross-site-request-forgery</loc>
<lastmod>2014-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-customer/full-customer-3125-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aldo/aldo-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/plus-addons-for-elementor-page-builder-416-authentication-bypass</loc>
<lastmod>2021-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popularis-extra/popularis-extra-1210-cross-site-request-forgery</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-post-type/testimonial-post-type-121-authenticated-contributor-stored-cross-site-scripting-via-auto_play-parameter</loc>
<lastmod>2025-07-17T16:33:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery-captions/foogallery-captions-102-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crayon-syntax-highlighter/crayon-syntax-highlighter-284-cross-site-scripting</loc>
<lastmod>2016-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transcoder/transcoder-135-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalpoll-lite/total-poll-lite-4120-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-master/contact-form-master-107-reflected-cross-site-scripting</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-449-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-for-wordpress-1352-missing-authorization-to-translation-update-and-information-exposure</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/werk-aan-de-muur/werk-aan-de-muur-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/err-our-team/inpersttion-for-theme-10-authenticated-contributor-arbitrary-function-call</loc>
<lastmod>2025-08-14T20:16:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-gift-cards-premium/yith-woocommerce-gift-cards-premium-3190-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-1374-reflected-cross-site-scripting-via-ajax-action</loc>
<lastmod>2022-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-schemaorg-rich-snippets/schema-all-in-one-schema-rich-snippets-144-cross-site-scripting</loc>
<lastmod>2017-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpo365-login/wordpress-microsoft-office-365-azure-ad-login-153-stored-cross-site-scripting</loc>
<lastmod>2021-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-wp-speed/fast-wp-speed-100-reflected-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsxpress/newsxpress-107-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2111-missing-authorization-via-pms_stripe_connect_handle_authorization_return</loc>
<lastmod>2024-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tune-library/tune-library-163-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting-via-csv-import</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pricing-tables/easy-pricing-tables-312-arbitrary-post-removal-via-cross-site-request-forgery</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ce21-suite/ce21-suite-220-missing-authorization-to-unauthenticated-plugin-settings-change</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3208-unauthenticated-information-exposure</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2812-authenticated-contributor-stored-cross-site-scripting-via-photo-widget-crop-attribute</loc>
<lastmod>2024-05-10T08:49:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms-acf/buddyforms-acf-138-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-152-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-532-authenticated-admin-php-object-injection</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/second-street-promotion/second-street-316-stored-cross-site-scripting-via-organization_id</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-captcha/easy-captcha-10-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-415-authenticated-subscriber-ldap-injection</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-venturit/gmap-venturit-11-authenticated-contributor-stored-cross-site-scripting-via-h-parameter</loc>
<lastmod>2025-08-11T13:49:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-2910-reflected-cross-site-scripting</loc>
<lastmod>2025-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-312-remote-command-execution</loc>
<lastmod>2015-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider/testimonial-slider-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-list-manager/video-list-manager-17-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xisearch-bar/xisearch-bar-26-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:46:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-warning/cookie-warning-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/valvepress-rankie/rankie-182-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-manager/newsletter-manager-14-open-redirect</loc>
<lastmod>2019-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-191-authorization-bypass</loc>
<lastmod>2014-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-free-pro-17-authorization-bypass</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blipbot/wp-blipbot-309-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/ai-power-complete-ai-pack-1889-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-30T16:46:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-and-post-restriction/page-restriction-wordpress-126-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-custom-post-type/flexible-custom-post-type-017-cross-site-scripting</loc>
<lastmod>2011-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-marquee-plugin/vertical-marquee-plugin-71-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-to-hootsuite/wordpress-to-hootsuite-145-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squelch-tabs-and-accordions-shortcodes/squelch-tabs-and-accordions-shortcodes-047-cross-site-request-forgery</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/task-manager/task-manager-302-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2026-03-20T15:08:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-post-revision/delete-post-revision-11-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-client-reports/wp-client-reports-1022-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-notifier/broken-link-notifier-130-authenticated-contributor-csv-injection</loc>
<lastmod>2025-07-10T19:45:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anyfont/anyfont-223-cross-site-scripting</loc>
<lastmod>2014-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edoc-easy-tables/edoc-easy-tables-129-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restricted-site-access/restricted-site-access-731-access-bypass-via-ip-spoofing</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-counter/download-counter-14-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-367-email-address-disclosure</loc>
<lastmod>2022-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-to-download/email-to-download-310-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-video-management-system/simple-video-management-system-104-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-toolkit/uncanny-toolkit-for-learndash-3643-missing-authorization-via-review-banner-visibility-rest-route</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-media-without-import/external-media-without-import-100-reflected-cross-site-scripting</loc>
<lastmod>2017-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sf-booking/service-finder-provider-and-business-listing-theme-32-path-traversal</loc>
<lastmod>2018-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-manual-purchases/easy-digital-downloads-manual-purchases-191-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-embedder-fay/pdf-embedder-fay-1101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-block/svg-block-1119-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fundraising-donation/wp-fundraising-donation-and-crowdfunding-platform-142-unauthenticated-sql-injection</loc>
<lastmod>2022-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-embed/wp-google-map-176-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-449-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-type-manager/custom-content-type-manager-0985-authenticated-admin-remote-code-execution</loc>
<lastmod>2015-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/domain-for-sale/domain-for-sale-3010-authenticated-contributor-stored-cross-site-scripting-via-class_name-parameter</loc>
<lastmod>2025-06-05T22:24:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bridge-core/bridge-core-33-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-565-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multiple-free-gift/woocommerce-multiple-free-gift-123-insufficient-server-side-validation-to-arbitrary-gift-adding</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1263-referer-cross-site-scripting</loc>
<lastmod>2019-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amely/amely-314-unauthenticated-sql-injection</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/social-share-social-login-and-social-comments-7106-authentication-bypass</loc>
<lastmod>2018-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-newspaper-magazine-news-buddypress-amp-764-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171036-missing-authorization-to-unauthenticated-media-file-upload</loc>
<lastmod>2025-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-5513-authenticated-administrator-stored-cross-site-scripting-via-menu_gcse-and-nothing_found_text-parameters</loc>
<lastmod>2026-01-27T19:35:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooCommerce-order-proposal/woocommerce-order-proposal-205-authenticated-shop-manager-privilege-escalation-via-order-proposal</loc>
<lastmod>2024-10-22T13:22:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0989-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-254-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-cf7/extensions-for-cf7-340-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-user-registration-login-membership-plugin-250-authenticated-admin-limited-remote-code-execution-via-um_populate_dropdown_options</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkoi-templates-for-elementor/wpkoi-templates-for-elementor-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hss-embed-streaming-video/hss-embed-streaming-video-323-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-theme-activation</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/membership-plugin-restrict-content-3218-authenticated-administrator-stored-cross-site-scripting-via-invoice-settings</loc>
<lastmod>2026-02-17T17:14:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child-reports/mainwp-child-reports-22-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-8510-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundslides/soundslides-142-authenticated-contributor-stored-cross-site-scripting-via-soundslides-shortcode</loc>
<lastmod>2025-11-26T14:19:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-feedly/add-to-feedly-1211-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxwpbookmark/cbx-bookmark-favorite-1713-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tipsy/tipsy-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-214-missing-authorization-via-settings_reset</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance/wp-maintenance-6197-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-footer-credit/remove-footer-credit-1010-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahathat/ahathat-plugin-16-authenticated-administrator-sql-injection-via-id-parameter</loc>
<lastmod>2025-03-18T22:18:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kv-tinymce-editor-fonts/kv-tinymce-editor-add-fonts-11-cross-site-request-forgery</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-312-authenticated-sql-injection</loc>
<lastmod>2022-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-website-builder-for-wordpress-woocommerce-7114-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flexible-map/flexible-maps-1180-authenticated-contributor-stored-cross-site-scripting-via-flexible-maps-shortcode</loc>
<lastmod>2025-08-18T19:06:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logaster-logo-generator/logaster-logo-generator-13-cross-site-request-forgery-to-arbitrary-media-deletion-and-creation</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dtree-30/wp-dtree-445-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rrdevs-for-elementor/rraddons-for-elementor-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-youtube-video/embed-youtube-video-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-contact-form-payment-form-custom-form-builder-1134-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-to-display-post-and-user-data/display-custom-fields-in-the-frontend-post-and-user-profile-fields-120-missing-authorization-via-vg_display_data-shortcode</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rover-idx/rover-idx-3002903-authenticated-subscriber-missing-authorization-via-multiple-functions</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-event-attendance/seatt-simple-event-attendance-150-cross-site-request-forgery-to-arbitrary-event-deletion</loc>
<lastmod>2026-02-13T16:18:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-spam-wiper/comment-spam-wiper-121-authenticated-administrator-stored-cross-site-scripting-via-api-key-setting</loc>
<lastmod>2026-03-20T15:14:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-headers/http-headers-1192-authenticated-administrator-external-control-of-file-name-or-path-to-rce-via-hh_htpasswd_path-and-hh_www_authenticate_user-parameters</loc>
<lastmod>2026-04-21T19:13:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/text-selection-color/text-selection-color-16-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-bookings-premium/gravity-bookings-259-unauthenticated-sql-injection-via-category_id-parameter</loc>
<lastmod>2026-05-05T20:29:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-comments-reloaded/subscribe-to-comments-reloaded-150820-reflected-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dekoro/dekoro-107-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravityforms-248-information-exposure</loc>
<lastmod>2019-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mass-delete-tags/mass-delete-taxonomies-300-cross-site-request-forgery-via-mp_plugin_mass_delete_tags_init</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emma-emarketing-plugin/emma-for-wordpress-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-ups-pickup/opsi-israel-domestic-shipments-265-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik/estatik-real-estate-plugin-410-unauthenticated-php-object-injection</loc>
<lastmod>2023-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-207-improper-neutralization-of-crlf-sequences-to-unauthenticated-email-header-injection-via-email</loc>
<lastmod>2026-03-27T20:45:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-fields-search/wp-custom-fields-search-1234-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-21922-missing-authorization</loc>
<lastmod>2026-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-blocks/genesis-blocks-312-authenticated-contributor-stored-cross-site-scripting-via-block-content</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-tour-booking-plugin-tour-operator-software-667-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-08T16:24:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-64-reflected-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ot-twitter-feed/twitter-feed-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:17:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1566-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captivatesync-trade/captivate-sync-322-authenticated-administrator-sql-injection</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-for-wordpress-wpbot-557-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-16T18:32:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1834-reflected-cross-site-scripting-via-image_id-parameter</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-widgets-for-elementor/opal-widgets-for-elementor-169-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-409-ip-address-spoofing</loc>
<lastmod>2024-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribe/email-subscription-popup-1220-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-528-authenticated-subscriber-limited-file-upload</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classic-editor-and-classic-widgets/classic-editor-and-classic-widgets-125-cross-site-request-forgery-via-render_settings_page</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-621-authenticated-contributor-stored-cross-site-scripting-via-permission_message-shortcode-attribute</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker-seo/broken-link-checker-by-aioseo-123-authenticated-contributor-sql-injection</loc>
<lastmod>2025-04-05T16:21:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insight-core/insight-core-10-authenticated-php-object-injection-stored-cross-site-scripting</loc>
<lastmod>2021-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-mercadopago/mercado-pago-payments-for-woocommerce-631-cross-site-request-forgery</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailarchiver/mailarchiver-2101-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/capie/capie-1040-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spare/spare-17-reflected-cross-site-scripting</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-145-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-510-cross-site-request-forgery</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-3108-authenticated-contributor-stored-cross-site-scripting-via-masterslider_pb-and-ms_slide-shortcodes</loc>
<lastmod>2025-06-16T22:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seofy-core/seofy-core-168-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nice-loader/wp-nice-loader-0104-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3204-authenticated-contributor-sql-injection</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-360-panorama-and-free-virtual-tour-builder-for-wordpress-8532-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T15:12:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-125-authenticated-contributor-sql-injection</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-3912-authenticatedcontributor-stored-cross-site-scripting-via-widget-attribute</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-delete-posts/auto-delete-posts-130-cross-site-request-forgery-to-arbitrary-settings-update</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2730-unauthenticated-sensitive-information-exposure-via-ai-debug-processing-fe</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upunzipper/upunzipper-100-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kush-micro-news/kush-micro-news-167-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2110-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-tql-edition/ltl-freight-quotes-tql-edition-126-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-270-missing-authorization</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idx-broker-platinum/impress-for-idx-broker-261-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thena/thena-155-reflected-cross-site-scripting</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer/error-log-viewer-by-bestwebsoft-106-reflected-cross-site-scripting</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-forms-invitation-based-registrations-custom-login-payments-312-sql-injection</loc>
<lastmod>2019-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-promoter/wp-promoter-13-missing-authorization-to-unauthenticated-statistics-reset-via-wpp-reset_stats-ajax-action</loc>
<lastmod>2026-05-26T17:23:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-free-widgets-extensions-and-templates-2720-authenticated-contributor-stored-cross-site-scripting-via-link-effects-widget</loc>
<lastmod>2024-06-12T17:12:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asf-allow-svg-files/allow-svg-files-11-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-2973-authenticated-contributor-stored-cross-site-scripting-via-mycred_load_coupon-shortcode</loc>
<lastmod>2026-02-13T19:46:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-title-validate/duplicate-title-validate-10-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-academic-people/wp-academic-people-list-041-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-3311-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-zoom-meetings-webinar-137-cross-site-request-forgery</loc>
<lastmod>2022-04-11T17:58:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gg-woo-feed/gtg-product-feed-for-shopping-124-missing-authorization-to-unauthenticated-plugin-settings-update</loc>
<lastmod>2023-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ashe/ashe-2243-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-11-18T23:50:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1331-cross-site-request-forgery-to-feedback-submission</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-wordpress-media-library-folders-file-manager-648-authenticated-author-sql-injection</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-google-reviews/rich-showcase-for-google-reviews-6943-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerkit/powerkit-259-cross-site-request-forgery</loc>
<lastmod>2022-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-212-authenticated-contributor-stored-cross-site-scripting-via-widget-titles</loc>
<lastmod>2024-06-05T15:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2130-authenticated-contributor-stored-cross-site-scripting-via-blocksy_meta-fields</loc>
<lastmod>2026-03-02T09:26:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-citilights/citilights-372-missing-authorization</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scalable-vector-graphics-svg/scalable-vector-graphics-svg-34-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms-pro/caldera-forms-pro-182-missing-authorization</loc>
<lastmod>2019-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/passwords-manager/passwords-manager-148-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-helper-lite/wp-helper-premium-420-reflected-cross-site-scripting</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg_fullscreen_fullwidth_slider/imagevideo-fullscreen-background-167-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1212-authenticated-cross-site-scripting</loc>
<lastmod>2015-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-google-sheet-reader/stylish-google-sheet-reader-40-reflected-cross-site-scripting</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-music-player-podcast-player-radio-by-sonaar-40-510-unauthenticated-insecure-direct-object-reference-to-sensitive-information-exposure</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baslider/image-slider-by-nextcode-112-cross-site-request-forgery-to-slide-deletion</loc>
<lastmod>2022-05-26T11:06:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyjobs/easyjobs-2414-reflected-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-0794-cross-site-scripting</loc>
<lastmod>2014-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/wordpress-backup-migration-140-missing-authorization-via-wt_delete_schedule</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sv-provenexpert/sv-proven-expert-2006-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicknav-mobile-menu/slicknav-mobile-menu-192-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-action-box/magic-action-box-2172-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-multi-step-form-calculation-contact-form-payment-contact-form-custom-contact-form-builder-2173-missing-authorization-to-authenticated-subscriber-form-submission-disclosure</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buckets/buckets-039-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsmarker/leaflet-maps-marker-google-maps-openstreetmap-bing-maps-24-cross-site-scripting</loc>
<lastmod>2012-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-ajax-navigation/yith-woocommerce-ajax-product-filter-510-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hacklog-remote-attachment/hacklog-remote-attachment-132-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-template-customizer-for-woo/email-template-customizer-for-woocommerce-1291-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto/crypto-215-cross-site-request-forgery-to-authentication-bypass</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amin-chat-button/pulsating-chat-button-141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-03T14:18:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abbie-expander/abbie-expander-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/24liveblog/24liveblog-22-authenticated-contributor-exposure-of-sensitive-information-via-block-editor-script-localization</loc>
<lastmod>2026-06-23T16:38:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-youtube-google-docs-vimeo-wistia-videos-audios-maps-any-documents-in-gutenberg-elementor-395-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwolle-gb/gwolle-guestbook-412-reflected-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fish-and-ships/fish-and-ships-159-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-269-authenticated-contributor-stored-cross-site-scripting-via-titletag</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/the-fox-currency-switcher-professional-for-woocommerce-1422-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xsmart/xsmart-1294-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slivery-extender/slivery-extender-102-authenticatedcontributor-remote-code-execution-via-shortcode</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberlite-shortcodes/memberlite-shortcodes-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-16T14:11:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-advance-product-search/th-advance-product-search-114-missing-authorization-to-plugin-settings-reset</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inboxify-sign-up-form/inboxify-sign-up-form-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-51-authenticated-administrator-arbitrary-file-and-folder-access</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-media-library-lite/wordpress-real-media-library-4141-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-3111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bard/bard-2210-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woopayments-1051-missing-authorization-to-unauthenticated-plugin-settings-update-via-save_upe_appearance_ajax</loc>
<lastmod>2026-03-30T16:13:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-card/menu-card-080-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-08T21:22:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-421-cross-site-scripting-via-comments</loc>
<lastmod>2015-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ait-csv-import-export/ait-csv-importexport-303-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2020-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-block-block/timeline-block-133-insecure-direct-object-reference-to-authenticated-author-private-timeline-exposure-via-shortcode-attribute</loc>
<lastmod>2026-02-05T13:39:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-xml-feed/import-xml-and-rss-feeds-215-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ga-germanized/analytics-germanized-for-google-analytics-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-344-sql-injection</loc>
<lastmod>2019-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/automotive/automotive-car-dealership-business-wordpress-theme-1341-authenticated-contributor-stored-cross-site-scripting-via-portfolio-project-details</loc>
<lastmod>2026-05-28T17:26:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-and-video-player/cp-media-player-113-cross-site-request-forgery-to-player-deletion-and-duplication</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/improved-include-page/improved-include-page-12-authenticated-contributor-arbitrary-postspages-access</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mantra/mantra-332-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-light/jobboard-job-listing-127-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-frame-iframe/inline-frame-iframe-01-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-24T19:09:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-01038-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formget-contact-form/contact-form-by-formget-531-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-woocommerce-customer-list/export-customers-list-csv-for-woocommerce-2067-csv-injection</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foft-loader/wp-foft-loader-2139-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2026-02-03T17:31:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-keep/email-keep-11-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addonify-compare-products/addonify-compare-products-for-woocommerce-1117-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/monetag-official/monetag-official-plugin-113-missing-authorization</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-71-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/roneous/roneous-creative-multi-purpose-wordpress-theme-215-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-237-authenticatedshop-manager-arbitrary-file-upload-via-upload_import_file</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-forum-61010-reflected-cross-site-scripting-via-msearch</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-slider/magic-slider-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4280-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-raptor/raptor-editor-1020-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-image-collage/easy-image-collage-1135-missing-authorization-to-authenticated-contributor-data-clearance</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secupress-pro/secupress-free-and-secupress-pro-1412-unauthenticated-arbitrary-ip-ban</loc>
<lastmod>2021-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wikipedia-preview/wikipedia-preview-1150-missing-authorization</loc>
<lastmod>2025-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery-with-slideshow/image-gallery-with-slideshow-plugin-152-sql-injection-via-gid</loc>
<lastmod>2017-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-order-barcodes/woocommerce-order-barcodes-164-cross-site-request-forgery</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-311-denial-of-service</loc>
<lastmod>2011-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-contact-form-integration-for-elementor/eleforms-all-in-one-form-integration-including-db-for-elementor-2997-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/misiek-paypal/misiek-paypal-1120090324-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-products-manager-woocommerce/related-products-manager-for-woocommerce-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-maintenance-mode/yith-maintenance-mode-114-reflected-cross-site-scripting</loc>
<lastmod>2015-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-food-menu/fw-food-menu-600-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-importer/wp-advanced-importer-211-reflected-cross-site-scripting</loc>
<lastmod>2016-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-city-travel-guide-wordpress-theme-133-reflected-cross-site-scripting</loc>
<lastmod>2020-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-realty/wprealty-291-reflected-cross-site-scripting</loc>
<lastmod>2013-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amo-team-showcase/amo-team-showcase-114-authenticated-contributor-stored-cross-site-scripting-via-amoteam_skills-shortcode</loc>
<lastmod>2025-02-20T15:02:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-317-reflected-cross-site-scripting</loc>
<lastmod>2024-07-01T19:02:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-secret-meta/secret-meta-121-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-ajax-search/yith-woocommerce-ajax-search-240-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-affiliate/wc-affiliate-a-complete-woocommerce-affiliate-plugin-253-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure-via-wf-export-all</loc>
<lastmod>2025-03-14T14:23:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-aparat/aparat-for-wordpress-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logwpmail/log-wp_mail-01-sensitive-information-disclosure</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-sync-for-woocommerce/stock-sync-for-woocommerce-232-cross-site-request-forgery</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kindlycare/kindlycare-161-unauthenticated-php-object-injection</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ripe-hd-player/ripe-hd-flv-11-sql-injection</loc>
<lastmod>2013-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-129-authenticated-contributor-stored-cross-site-scripting-via-fcb-shortcode</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-306-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libro-de-reclamaciones/libro-de-reclamaciones-101-reflected-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reepay-checkout-gateway/frisbii-pay-189-missing-authorization-to-authenticated-subscriber-payment-token-modification</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-107-reflected-cross-site-scripting-via-tp_tp</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lucas-string-replace/lucas-string-replace-205-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/musicbox/musicbox-203-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-271-missing-authorization</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnipress/omnipress-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezpz-one-click-backup/ezpz-one-click-backup-120310-unauthenticated-command-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-1915-authenticated-author-sql-injection-via-upload</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onesignal-free-web-push-notifications/onesignal-web-push-notifications-361-missing-authorization-to-unauthenticated-plugin-settings-update</loc>
<lastmod>2025-12-15T02:15:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-customer-support-ticket-system-346-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/corona/corona-all-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-bot-registration/no-bot-registration-191-cross-site-request-forgery</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athlon-manage-calameo-publications/manage-calameo-publications-by-athlon-111-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-332-unauthenticated-email-relay-abuse-via-woolentor_suggest_price_action-ajax-action</loc>
<lastmod>2026-02-17T16:06:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-menu-manager/advance-menu-manager-306-cross-site-request-forgery</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1726-authentication-bypass-due-to-missing-empty-value-check</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/store-commerce/store-commerce-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolook/woocommerce-blocks-woolook-170-authenticated-admin-local-file-inclusion</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertkit/convertkit-220-reflected-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-167-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truebooker-appointment-booking/truebooker-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capability-manager-enhanced/publishpress-capabilities-23-unauthenticated-arbitrary-options-update</loc>
<lastmod>2021-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idpay-contact-form-7/idpay-for-contact-form-7-212-reflected-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onet-regenerate-thumbnails/onet-regenerate-thumbnails-15-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-lightbox/video-lightbox-195-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omfg-mobile/omfg-mobile-pro-1126-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-faq/arconix-faq-196-missing-authorization</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-checker/link-checker-1162-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-addons-140-widgets-for-elementor-150-missing-authorization-to-unauthenticated-xpro-template-creation</loc>
<lastmod>2026-05-19T13:32:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telegram-for-wp/telegram-for-wp-161-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T13:09:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sniplets/sniplets-123-cross-site-scripting</loc>
<lastmod>2008-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3621-reflected-cross-site-scripting-via-title</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstream/wpstream-live-streaming-video-on-demand-pay-per-view-4112-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-elementor-gutenberg-beaver-builder-templates-270-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-elementor-wordpress-beaver-builder-templates-416-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youram-youtube-embed/youtube-embed-103-authenticated-contributor-stored-cross-site-scripting-via-instance-parameter</loc>
<lastmod>2025-07-28T20:26:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-442-authenticatedcontributor-sql-injection</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-finance/wp-finance-136-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primer-by-chloedigital/primer-by-chlodigital-1025-reflected-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-433-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scratchblocks-for-wp/scratchblocks-for-wp-101-authenticated-contributor-stored-cross-site-scripting-via-element-shortcode-attribute</loc>
<lastmod>2026-05-11T19:02:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-currency-converter-basic-for-woocommerce/paypal-currency-converter-basic-for-woocommerce-13-path-traversal-to-arbitrary-file-read</loc>
<lastmod>2015-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-321-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2019-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-marginalia/my-marginalia-106-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-woocommerce/pdf-invoices-for-woocommerce-drag-and-drop-template-builder-460-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatsome/flatsome-3187-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-shopping-cart/easy-paypal-shopping-cart-1110-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elisqlreports/ez-sql-reports-shortcode-widget-and-db-backup-52508-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-invalid-click-protector/ad-invalid-click-protector-125-sql-injection</loc>
<lastmod>2022-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/webinarpress-13320-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3135-missing-authorization</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wappointment/appointment-bookings-for-zoom-googlemeet-and-more-wappointment-260-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-9012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-testimonials/fancy-testimonials-10-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-06-17T19:25:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-https-remover/inisev-plugins-various-versions-missing-authorization-on-handle_installation-function</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-over-image-vc-extension/image-over-image-for-wpbakery-page-builder-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-131-missing-authorization-to-arbitrary-options-read</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-26-cross-site-scripting</loc>
<lastmod>2008-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3526-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-shopping-cart-70-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/motorix/motorix-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-product-addons-custom-fields-for-woocommerce-33015-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-17T18:09:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disc-golf-manager/disc-golf-manager-100-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-click-info/wp-click-info-274-reflected-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jf3-maintenance-mode/maintenance-redirect-201-ip-spoofing-to-maintenance-mode-bypass</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-11810-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-11-07T21:08:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/friends/friends-351-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-favicon/all-in-one-favicon-46-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2018-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1324-cross-site-request-forgery-to-submitted-response-deletion</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-zyrex/zyrex-popup-10-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2023-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-71-authentication-bypass-to-candidate</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-332-authenticated-author-stored-cross-site-scripting-via-custom-script</loc>
<lastmod>2026-05-07T20:49:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft-web-tracker/infusionsoft-analytics-20-cross-site-request-forgery</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-camp/elementcamp-236-authenticated-author-sql-injection-via-meta_querycompare-parameter</loc>
<lastmod>2026-03-20T15:15:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmarker-1065-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-catcher/wp-mail-catcher-216-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-checklist/frontend-checklist-232-authenticated-admin-stored-cross-site-scripting-via-items</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliateimportereb/affiliateimportereb-106-reflected-cross-site-scripting-via-module</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-395-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-styler/scroll-styler-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discourse/wp-discourse-251-missing-authorization</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-3616-authenticated-receptionist-sql-injection</loc>
<lastmod>2026-02-01T18:08:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-filester-176-cross-site-request-forgery-to-arbitrary-file-rename</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8701001-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1003-mortgage-application/1003-mortgage-application-187-unauthenticated-full-path-disclosure</loc>
<lastmod>2025-01-20T15:24:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/restrict-content-322-reflected-cross-site-scripting</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parsi-font/mw-font-changer-425-reflected-cross-site-scripting</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/petfinder-listings/petfinder-listings-1019-admin-stored-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-opening-hours/opening-hours-230-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-import-export-lite/wp-import-export-lite-3926-authenticated-administrator-php-object-injection</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search/better-search-252-cross-site-request-forgery-to-settings-import</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpx-viewer/gpx-viewer-229-authenticated-subscriber-arbitrary-file-creation</loc>
<lastmod>2024-11-12T13:21:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-finder/custom-field-finder-03-authenticated-author-php-object-injection</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/balkon/balkon-132-reflected-cross-site-scripting</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-453-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-click-to-tweet/better-click-to-tweet-5103-missing-authorization</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookit/bookit-237-authentication-bypass</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-cds/dataverse-integration-277-281-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-reset_password_link-rest-route</loc>
<lastmod>2025-07-23T20:27:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-356-cross-site-scripting</loc>
<lastmod>2017-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-woocommerce-currency-switcher-142-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-restaurant-menu/quick-restaurant-menu-202-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-tweet/click-tweet-089-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/provide-forex-signals/provide-forex-signals-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-974-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-intranet/intranet-private-site-all-in-one-intranet-181-missing-authorization</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-widgets-suite/dashboard-widgets-suite-343-reflected-cross-site-scripting</loc>
<lastmod>2024-06-12T19:49:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gc-social-wall/gc-social-wall-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-25T13:46:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moveto/moveto-62-unauthenticated-sql-injection</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/minimog/minimogwp-the-high-converting-ecommerce-wordpress-theme-390-unauthenticated-price-manipulation</loc>
<lastmod>2025-07-25T16:30:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notely/notely-180-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginwp-pro/loginwp-pro-4085-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enl-newsletter/enl-newsletter-101-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-coming-soon-maintenance-countdown-clock-2395-authenticated-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/muzaara-adwords-optimize-dashboard/optimize-your-campaigns-google-shopping-google-ads-google-adwords-31-information-exposure</loc>
<lastmod>2025-01-06T16:05:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-addons/custom-css-addons-191-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/molongui-authorship/molongui-4619-reflected-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3236-authenticated-contributor-stored-cross-site-scripting-via-countdown-timer</loc>
<lastmod>2024-05-10T13:33:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-476-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-blocks/magical-blocks-1012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-sermons/advanced-sermons-32-reflected-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/car-rental-system/car-rental-system-31-sql-injection</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kh-easy-user-settings/kh-easy-user-settings-100-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-11514-admin-sql-injection-via-forum_id</loc>
<lastmod>2021-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-451-authenticated-subscriber-limited-arbitrary-option-update</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator-pro/uncanny-automator-pro-5301-cross-site-request-forgery-to-license-setting-reset</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-payment-form/simple-payment-donations-420-reflected-cross-site-scripting</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-wordpress-wave-audio-player-with-playlist-645-directory-traversal</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-2329-path-traversal-to-remote-code-execution</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1542-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1568-reflected-cross-site-scripting-1568-reflected-cross-site-scripting</loc>
<lastmod>2021-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-audio-player/html5-audio-player-2111-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-customer-support-ticket-system-344-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/godam/godam-146-missing-authorization</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gustavo/gustavo-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-formerly-woof-1342-missing-authorization-via-woof_meta_get_keys</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photolia/photolia-103-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-542-authenticated-contributor-stored-cross-site-scripting-via-age-gate</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-2611-reflected-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-vipps/login-with-vipps-and-mobilepay-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-appointment-booking-115-authenticated-subscriber-arbitrary-file-read-to-arbitrary-file-creation</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wgpwpp/wedos-global-122-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fx-currency-converter/fx-currency-converter-020-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T15:00:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-202-authenticated-contributor-stored-cross-site-scripting-via-sti-buttons-shortcode</loc>
<lastmod>2024-09-04T20:25:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-infinite-scroll-lazy-load-load-more-781-incorrect-authorization-to-unauthenticated-privatedraft-post-title-and-excerpt-exposure</loc>
<lastmod>2026-01-30T16:20:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-puller/product-puller-151-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal_survey/modal-survey-20182-authorization-bypass</loc>
<lastmod>2021-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-284-reflected-cross-site-scripting</loc>
<lastmod>2020-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/am-hili-affiliate-manager-for-publishers/am-hili-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1171-sensitive-data-exposure-via-debug-log-file</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/option-tree/option-tree-255-cross-site-scripting</loc>
<lastmod>2019-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastly/fastly-1225-missing-authorization</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iubenda-cookie-law-solution/iubenda-332-cross-site-request-forgery</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-281-cross-site-scripting</loc>
<lastmod>2009-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-custom-registration-form-login-form-and-user-profile-wordpress-plugin-315-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-forms/contact-form-by-mega-forms-124-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-types/wp-easy-post-types-144-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pippo/pippo-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-3423-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pyrmont-v2/pyrmont-v2-207-sql-injection</loc>
<lastmod>2009-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agendapress/agendapress-easily-publish-meeting-agendas-and-programs-on-wordpress-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-permalinker/the-permalinker-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:58:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/entrepreneurx/entrepreneur-booking-for-small-businesses-wordpress-313-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-addon-for-elementor/events-addon-for-elementor-214-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-06-11T08:17:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-conversion/webp-conversion-21-missing-authorization</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor-builder/vertex-addons-for-elementor-164-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshopify/shopwp-204-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2019-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publishpress-authors/co-authors-multiple-authors-and-guest-authors-in-an-author-box-with-publishpress-authors-471-insecure-direct-object-reference-to-authenticated-author-arbitrary-user-email-update-and-account-takeover</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-gallery-grid/responsive-gallery-grid-2314-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/wordpress-automatic-plugin-3532-unauthenticated-arbitrary-options-update</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-760-unauthenticated-php-object-injection</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-phpmyadmin-extension/wp-phpmyadmin-5203-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polylang/polylang-25-cross-site-request-forgery</loc>
<lastmod>2019-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/async-javascript/async-javascript-2201209-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ownerrez/ownerrez-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikinghammer-tweet/vikinghammer-tweet-024-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sh-slideshow/sh-slideshow-43-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shareaholic/professional-social-sharing-buttons-icons-related-posts-shareaholic-975-information-disclosure</loc>
<lastmod>2022-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-log/smart-external-link-click-monitor-link-log-502-reflected-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prettyphoto/prettyphoto-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-savetranslation-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows-pro/cartflows-pro-11112-cross-site-request-forgery</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-bundle/wpc-product-bundles-for-woocommerce-845-missing-authorization</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookies-pro/cookies-pro-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce/premmerce-1319-cross-site-request-forgery</loc>
<lastmod>2025-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lock-user-account/lock-user-account-103-cross-site-request-forgery-to-account-lockunlock</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/wpschoolpress-224-authenticatedteacher-sql-injection-via-classid</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/comboblocks-2286-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-elementor-addons-free-widgets-extensions-and-templates-281-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-all/webberzone-snippetz-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magazine-basic/magazine-basic-unknown-versions-sql-injection</loc>
<lastmod>2012-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-15142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T19:12:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rustolat/rus-to-lat-03-cross-site-request-forgery-to-plugins-options-changes</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-slider-slideshow/image-slider-slideshow-18-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-494-authenticated-admin-stored-cross-site-scripting-via-location_messages-parameter</loc>
<lastmod>2026-06-05T15:28:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3-word-address-validation-field/what3words-address-field-4015-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/common-tools-for-site/common-tools-for-site-102-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-25T21:23:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/responsive-contact-form-builder-lead-generation-plugin-189-missing-authorization</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-better-customer-list/better-customer-list-for-woocommerce-123-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tubepressnet/tubepressnet-401-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/veda/veda-multipurpose-wordpress-theme-42-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-paypal-express-checkout-for-woocommerce/yith-paypal-express-checkout-for-woocommerce-1490-cross-site-request-forgery</loc>
<lastmod>2025-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ds-faq-plus/wp-ds-faq-plus-142-cross-site-scripting</loc>
<lastmod>2020-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-818-authenticated-editor-remote-code-execution</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropshipping-xox/dropshix-4014-authorization-bypass</loc>
<lastmod>2019-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2252-cross-site-request-forgery-via-give_ajax_store_payment_note</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mihdan-elementor-yandex-maps/mihdan-elementor-yandex-maps-1611-authenticated-contributor-stored-cross-site-scripting-via-marker-pins</loc>
<lastmod>2025-09-29T15:32:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/maxinet/maxinet-internet-iptv-provider-elementor-template-kit-1210-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tax-report-for-woocommerce/tax-report-for-woocommerce-22-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-5713-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-biographia/wp-biographia-400-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gutenberg-products-block/woocommerce-blocks-370-authorization-bypass</loc>
<lastmod>2020-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-qr-codes/qr-code-for-woocommerce-120-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-wp-events/simple-wp-events-1817-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instantio/instantio-3330-unauthenticated-information-exposure</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter-pro/ad-inserter-pro-2715-arbitrary-file-modification</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scalenut/scalenut-113-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-206-cross-site-request-forgery</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polylang/polylang-373-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/levelfourstorefront/level-four-store-front-8115-arbitrary-file-upload</loc>
<lastmod>2013-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envolve-plugin/envolve-plugin-10-unauthenticated-arbitrary-file-upload-via-language_file-and-fonts_file</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-1466-missing-authorization-to-authenticated-subscriber-wizard-set-up</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/message-ticker/message-ticker-92-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/education/education-center-lms-online-courses-wordpress-theme-3610-php-object-injection</loc>
<lastmod>2025-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/access-category-password/access-category-password-151-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-540-authenticated-contributor-stored-cross-site-scripting-header-meta-content-widget</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-pages/wordpress-landing-pages-184-cross-site-scripting</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0902-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitcoin-payments/bitcoin-payments-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-41613-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blog/jetblog-243-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2045-low-privileged-stored-cross-site-scripting</loc>
<lastmod>2019-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms/piotnet-forms-1030-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extended-widget-options/widget-options-extended-510-widget-options-401-authenticated-subscriber-information-disclosure</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedburner-feedsmith/feedburner-feedsmith-22-cross-site-request-forgery</loc>
<lastmod>2007-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pet-manager/pet-manager-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/monitor-chat/monitorchat-111-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstream/wpstream-live-streaming-video-on-demand-pay-per-view-454-cross-site-request-forgery-via-wpstream_update_local_event_settings</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-gutenberg-blocks-for-post-grid-299-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-lite-112-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2025-09-05T15:01:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nice-paypal-button-lite/nice-paypal-button-lite-135-cross-site-request-forgery</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-721-missing-authorization-to-unauthorized-group-access</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-backups/database-backups-1226-cross-site-request-forgery</loc>
<lastmod>2021-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1221-missing-authorization-on-hubspot_support_request-ajax-function</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-camp/elementcamp-232-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-file-changes-monitor/melapress-file-monitor-210-authenticated-admin-authenticated-sql-injection</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-263-authenticated-admin-sql-injection</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-426-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-logfilter-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-gdpr-compliance/gdpr-ccpa-compliance-support-274-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-to-twitter/post-to-twitter-07-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wp-business-directory-plugin-and-classified-listings-directory-2897-authenticated-subscriber-stored-cross-site-scripting-via-display_name-parameter</loc>
<lastmod>2025-02-10T22:19:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yolox/yolox-1015-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-rating/multi-rating-505-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beyondcart/beyondcart-connector-301-missing-configuration-of-jwt-secret-to-unauthenticated-privilege-escalation-via-determine_current_user-filter</loc>
<lastmod>2025-09-10T18:48:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta-manager/user-meta-manager-349-reflected-cross-site-scripting</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/parabola/parabola-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nktagcloud/better-tag-cloud-0995-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/continually/continually-431-authenticated-administrator-stored-cross-site-scripting-via-continually_embed_code-parameter</loc>
<lastmod>2026-05-11T20:38:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jscrollpane/wp-jscrollpane-203-reflected-cross-site-scripting</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-counter/simple-download-counter-20-authenticated-author-arbitrary-file-read</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/paypal-donation-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-787-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopbuilder/shopbuilder-elementor-woocommerce-builder-addons-218-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediaburst-email-to-sms/clockwork-sms-plugins-multiple-versions-cross-site-scripting</loc>
<lastmod>2017-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/etta/etta-1140-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sl-user-create/sl-user-create-025-information-disclosure</loc>
<lastmod>2013-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21043-authenticated-contributor-stored-cross-site-scripting-via-title_tag-parameter</loc>
<lastmod>2025-01-09T18:53:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groups/groups-370-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-group-join</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telecash-ricaricaweb/telecash-ricaricaweb-22-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dandelion/dendelion-266-arbitrary-file-upload</loc>
<lastmod>2014-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-146-authenticated-admin-sql-injection</loc>
<lastmod>2025-12-01T21:39:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-298-authenticated-subscriber-missing-authorization-to-plugin-options-update</loc>
<lastmod>2025-01-06T16:09:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/perfect-portfolio/perfect-portfolio-124-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-pro-lite/slider-pro-lite-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:04:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-user-role-editor/wpfront-user-role-editor-423-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-and-operating-system-finder/browser-and-operating-system-finder-11-cross-site-request-forgery</loc>
<lastmod>2021-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-205-reflected-cross-site-scripting</loc>
<lastmod>2015-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zoner/zoner-real-estate-41-cross-site-scripting</loc>
<lastmod>2019-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carspot/carspot-dealership-wordpress-classified-theme-243-unauthenticated-arbitrary-password-resetaccount-takeover</loc>
<lastmod>2025-02-17T20:04:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-hygiene/media-hygiene-402-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-login/heateor-login-social-login-plugin-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T17:52:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-262-authenticated-contributor-stored-cross-site-scripting-via-html-tags</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-subscribe-list/mail-subscribe-list-213-cross-site-request-forgery</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-social-share-buttons/html-social-share-buttons-2116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T13:40:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-5512-missing-authorization</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wen-logo-slider/wen-logo-slider-340-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-352-cross-site-scripting</loc>
<lastmod>2013-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gestion-tarifs/gestion-de-tarifs-14-authenticated-contributor-sql-injection</loc>
<lastmod>2025-08-14T20:16:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fb-autoconnect/wp-fb-autoconnect-405-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2014-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3302-reflected-cross-site-scripting</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-templates/skt-templates-elementor-gutenberg-templates-614-reflected-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coming-soon-product/woocommerce-coming-soon-product-with-countdown-50-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-slider/product-slider-for-woocommerce-263-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fitness-trainer/fitness-trainer-171-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-plus/disable-comments-delete-all-comments-130-missing-authorization</loc>
<lastmod>2026-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rognone/rognone-062-reflected-cross-site-scripting-via-a-parameter</loc>
<lastmod>2026-06-01T19:44:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-5018-unauthenticated-sql-injection</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-faq/flexible-faq-02-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-types/wp-easy-post-types-144-authenticated-subscriber-missing-authorization-via-multiple-functions</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/project-panorama-lite/panorama-wordpress-project-management-plugin-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elite-video-player/elite-video-player-1005-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dont-muck-my-markup/dont-muck-my-markup-18-cross-site-request-forgery</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oss-upload/oss-upload-489-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vkontakte-cross-post/vkontakte-cross-post-032-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-1044-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-of-goods-for-woocommerce/cost-of-goods-sold-cogs-cost-profit-calculator-for-woocommerce-328-reflected-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frizzly/frizzly-110-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ryviu/ryviu-product-reviews-for-woocommerce-3126-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3373-open-redirect</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formlift/formlift-for-infusionsoft-web-forms-7517-unauthenticated-sql-injection</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pre-orders/woocommerce-pre-orders-202-cross-site-request-forgery</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-mail-by-constant-contact/creative-mail-154-cross-site-request-forgery-to-settings-disconnect</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mikado-core/mikado-core-16-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-custom-css/my-custom-css-php-ads-33-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T20:34:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-432-improper-missing-encryption-exception-handling-to-authentication-bypass</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-178-authenticatedcontributor-stored-cross-site-scripting-via-meta-fields</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solene-core/solene-core-232-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/handsome-testimonials/handsome-testimonials-reviews-211-authenticated-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/outdooractive-embed/outdooractive-embed-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:07:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-by-wbw-297-unauthenticated-sql-injection</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remote-content-shortcode/remote-content-shortcode-15-authenticatedcontributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suretriggers/ottokit-1120-authenticated-administrator-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seamless-donations/seamless-donations-a-platform-for-global-fundraising-and-rebuilding-using-stripe-and-paypal-5112-cross-site-scripting</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-in-post/menu-in-post-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-12712-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-survey-versus-poll-image-poll-video-poll-240-authenticated-administrator-sql-injection-via-orderby-parameter</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-scheduler-great-for-holidays-events-and-more/logo-scheduler-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-member-type-manager/bp-member-type-manager-101-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-316-authenticated-admin-stored-cross-site-scripting-via-critical-css-rules</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mamita/mamita-109-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speakout/speakout-email-petitions-465-unauthenticated-sql-injection</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-unlock/subscribe-to-unlock-115-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-ajax-navigation/yith-woocommerce-ajax-product-filter-3110-cross-site-scripting</loc>
<lastmod>2020-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery-via-queue_posts</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-maps-by-supsystic/ultimate-maps-by-supsystic-1215-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4152-authentication-bypass-to-account-takeover</loc>
<lastmod>2024-08-14T14:08:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/idyllic/idyllic-118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-and-drink-menu/five-star-restaurant-menu-2414-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/candidate-application-form/candidate-application-form-13-arbitrary-file-download</loc>
<lastmod>2015-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-image-slider/header-image-slider-03-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/best-wordpress-gallery-plugin-foogallery-247-authenticatedadministrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-team-members-showcase-plugin-441-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pocket-urls/wp-pocket-urls-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skimlinks/skimlinks-affiliate-marketing-tool-13-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-aweber-newsletter-subscription/woocommerce-aweber-newsletter-subscription-402-missing-authorization-to-access-token-modification</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stratum/stratum-widgets-for-elementor-161-missing-authorization</loc>
<lastmod>2025-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mindbody-access-management/mz-mbo-access-208-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-mpg-3319-authenticated-administrator-sql-injection-in-projects_list-and-total_projects</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-31114-missing-authorization-to-authenticated-subscriber-arbitrary-chart-creation-and-modification-via-renderchartpages-and-uploaddata-functions</loc>
<lastmod>2026-05-27T19:31:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/migrate-users/migrate-users-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-2613-missing-authorization-to-unauthenticated-arbitrary-attachment-download</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-325-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-a-complete-recruitment-system-for-company-or-job-board-website-224-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-01-02T19:25:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-polls/wp-polls-2760-race-condition</loc>
<lastmod>2022-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/planty/planty-1140-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/organization-chart/organization-chart-141-missing-authorization</loc>
<lastmod>2022-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gm-woocommerce-quote-popup/product-enquiry-for-woocommerce-30-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpaudio-mp3-player/wpaudio-mp3-player-402-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/woocommerce-amazon-affiliates-wordpress-plugin-14010-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/create-db-tables/create-db-tables-121-missing-authorization-to-authenticated-subscriber-arbitrary-database-table-creationdeletion-via-admin-postphp</loc>
<lastmod>2026-04-21T19:08:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2920-cross-site-request-forgery-via-process_bulk_action</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-508-authenticated-subscriber-sql-injection-via-wppm_proj_filter-parameter</loc>
<lastmod>2026-06-30T15:19:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-wootable/woocommerce-shop-page-builder-2277-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-school-registration/easy-school-registration-398-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-api-for-wp/custom-api-for-wp-422-unauthenticated-sql-injection</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-shortcodes/salient-shortcodes-153-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highlight-focus/highlight-focus-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-invoice/easy-invoice-209-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-0170-authenticated-subscriber-insecure-direct-object-reference-to-sensitive-post-title-exposure</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laposta-signup-basic/laposta-signup-basic-141-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-vp2-html5-rightside/html5-video-player-with-playlist-multiple-skins-535-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-calendly-scheduling/embed-calendly-36-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2948-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-icon-badge/ns-product-icon-badge-124-reflected-cross-site-scripting-via-php_self</loc>
<lastmod>2026-05-26T17:24:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-tabs-for-wpbakery/responsive-tabs-for-wpbakery-page-builder-11-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadinfo/leadinfo-11-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2025-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-via-ajax_save_state</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-265-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-shipos-delivery/deliver-via-shipos-for-woocommerce-302-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calj/calj-15-authenticated-subscriber-arbitrary-settings-modification-via-save-obtained-key-action</loc>
<lastmod>2026-04-21T19:08:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.0/wordpress-mu-10-cross-site-scripting</loc>
<lastmod>2007-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-661-authenticated-information-disclosure</loc>
<lastmod>2020-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker-volunteer-roles/rsvpmaker-volunteer-roles-151-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-polls/wp-polls-271-sql-injection</loc>
<lastmod>2019-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-and-drink-menu/five-star-restaurant-menu-and-food-ordering-2410-unauthenticated-php-object-injection</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-popup/jetpopup-20201-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-380-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemelandco-woo-report/woocommerce-report-151-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2024-11-04T19:57:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-order-limit-lite/order-limit-for-woocommerce-200-missing-authorization</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-checker-real-time/responsive-check-003-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:22:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weather-layer/weather-layer-421-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings-xml-csv-import/import-into-easy-property-listings-221-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-392-cross-site-scripting</loc>
<lastmod>2015-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-professional/google-map-professional-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-download/easy-media-download-115-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastpicker/fastpicker-an-order-picker-and-order-management-system-oms-for-woocommerce-on-steroids-102-cross-site-request-forgery-via-settings-save</loc>
<lastmod>2026-06-08T15:05:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolementor/codesigner-woocommerce-builder-for-elementor-customize-checkout-shop-email-products-more-441-unauthenticated-php-object-injection</loc>
<lastmod>2024-06-12T19:54:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brook/brook-290-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gmail-smtp/gmail-smtp-107-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplified/simplified-plugin-106-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/garagesale/garagesale-123-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/citations-tools/citations-tools-032-authenticated-contributor-stored-cross-site-scripting-via-code-shortcode-attribute</loc>
<lastmod>2026-02-13T16:19:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-student-results/easy-student-results-228-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-wordpress-lms-plugin-for-elearning-751-missing-authorization-via-process_review</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/morkva-ua-shipping/morkva-ua-shipping-179-authenticated-administrator-stored-cross-site-scripting-via-weight-kg-field</loc>
<lastmod>2026-03-03T12:44:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prowess/prowess-23-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-by-cookie/redirect-by-cookie-106-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ifolders/ifolders-150-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-simple-wordpress-forms-plugin-1333-cross-site-request-forgery</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-4028-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitcoin-lightning-publisher/bitcoin-lightning-publisher-for-wordpress-141-reflected-cross-site-scripting</loc>
<lastmod>2024-12-23T16:50:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-491-missing-authorization</loc>
<lastmod>2025-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revolution_video_player/revolution-video-player-with-bottom-playlist-292-reflected-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodlayers-core/goodlayers-core-212-authenticated-subscriber-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proteccion-datos-rgpd/proteccin-de-datos-rgpd-068-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-plugin-0973-reflected-cross-site-scripting</loc>
<lastmod>2019-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ewww-image-optimizer/ewww-image-optimizer-720-unauthenticated-sensitive-information-exposure-via-debug-log</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-510-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-highlight/just-highlight-103-authenticated-administrator-stored-cross-site-scripting-via-highlight-color-setting</loc>
<lastmod>2025-11-24T19:13:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-posts-widget/ultimate-posts-widget-230-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress/loginpress-custom-login-page-customizer-162-missing-authorization-to-settings-changes</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-344-cross-site-scripting</loc>
<lastmod>2012-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1315-unauthenticated-stored-cross-site-scripting-via-platform</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-4211-cross-site-scripting</loc>
<lastmod>2017-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-shipping-ups/woocommerce-ups-shipping-live-rates-and-access-points-224-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weluka-lite/weluka-lite-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-14T14:26:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-327-authenticated-contributor-stored-cross-site-scripting-via-video-widget</loc>
<lastmod>2024-09-24T23:43:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kkprogressbar/kkprogressbar2-free-1142-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-640-arbitrary-file-upload</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-316-missing-authorization-in-several-ajax-actions</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-enable-users-to-submit-posts-from-the-front-end-20230811-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-52-unauthenticated-os-command-injection</loc>
<lastmod>2019-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-css-js-php/custom-css-js-php-207-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fusion-lite/wp-fusion-lite-34124-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1065-cross-site-request-forgery</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-250-directory-traversal-to-authenticated-administrator-limited-arbitrary-file-deletion-via-admin_log_page-function</loc>
<lastmod>2025-03-25T23:22:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-304-cross-site-request-forgery-to-plugin-settings-reset</loc>
<lastmod>2026-04-09T12:50:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-3206-reflected-cross-site-scripting</loc>
<lastmod>2023-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-monster/seo-monster-333-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T18:50:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-235-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-most-advanced-wordpress-marketing-toolkit-469-authenticated-contributor-sql-injection-via-shortcodes</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-822-authenticated-subscriber-second-order-sql-injection</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-amazon-affiliates-light-version/wzone-lite-31-cross-site-request-forgery</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sherk-custom-post-type-displays/sherk-custom-post-type-displays-121-authenticated-contributor-stored-cross-site-scripting-via-title-shortcode-attribute</loc>
<lastmod>2026-03-20T15:09:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-news-ticker/jquery-news-ticker-31-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-208-missing-authorization</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-372-unauthenticated-sql-injection</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/service-booking-manager/appointment-booking-plugin-for-woocommerce-wpbookingly-all-in-one-service-manager-129-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1112-authenticated-admin-sql-injection-via-order-and-limit-parameters</loc>
<lastmod>2026-06-05T10:44:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp/rsvp-and-event-management-2713-missing-authorization</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4293-missing-authorization-to-unauthenticated-database-table-manipulation</loc>
<lastmod>2025-10-17T18:38:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qc-simple-link-directory/simple-link-directory-1481-reflected-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-617-reflected-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/wp-travel-770-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/roi-calculator/roi-calculator-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletin-announcements/announcement-notification-banner-bulletin-360-missing-authorization-checks</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-62612-authentication-bypass-via-get_resource_owner_from_id_token</loc>
<lastmod>2025-10-03T14:11:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hurrytimer/hurrytimer-an-scarcity-and-urgency-countdown-timer-for-wordpress-woocommerce-2142-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-shortcode/custom-content-shortcode-402-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bannerize-pro/wp-bannerize-pro-1100-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-responsive-image-slider-1254-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/grow-social-1182-reflected-cross-site-scripting</loc>
<lastmod>2021-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-dropshipping/woocommerce-dropshipping-premium-524-missing-authorization</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-search/wp-advanced-search-116-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipanorama-360-virtual-tour-builder-lite/ipanorama-360-wordpress-virtual-tour-builder-183-missing-authorization</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1821-reflected-cross-site-scripting-via-thumb_url</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-made-easy/events-made-easy-2314-authenticated-subscriber-sql-injection-via-search_name</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/additional-order-filters-for-woocommerce/additional-order-filters-for-woocommerce-122-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmarketplace/wp-marketplace-complete-shopping-cart-ecommerce-solution-121-arbitrary-file-upload</loc>
<lastmod>2012-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-savetranslationstay-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-379-authenticated-contributor-phar-deserialization</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-flv/smart-flv-10-cross-site-scripting</loc>
<lastmod>2013-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-342-missing-authorization-to-authenticated-subscriber-attendee-list-retrieval</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-294-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-ultimate-wordpress-woocommerce-theme-1291-authenticated-contributor-stored-cross-site-scripting-via-the7_fancy_title_css</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-event-manager/quick-event-manager-974-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitydonation-thermometer/charity-thermometer-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-cross-site-scripting-in-oembed</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/terawallet-for-woocommerce-1324-cross-site-request-forgery-via-admin_options</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-153-cross-site-request-forgery</loc>
<lastmod>2020-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-post-navigation/admin-post-navigation-21-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-26T13:08:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nifty-coming-soon-and-under-construction-page/coming-soon-maintenance-mode-page-157-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-settings/blog-settings-10-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2026-05-04T14:07:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-twitch-integration/streamweasels-twitch-integration-186-authenticated-contributor-stored-cross-site-scripting-via-sw-twitch-embed-shortcode</loc>
<lastmod>2024-10-18T20:37:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3422-stored-cross-site-scripting</loc>
<lastmod>2020-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happyfiles-pro/happyfiles-pro-181-missing-authorization</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wibiya/wibiya-toolbar-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitor-maps-extended-referer-field/visitor-maps-extended-referer-field-126-reflected-cross-site-scripting</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3203-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agecheckernet/age-verification-for-your-checkout-page-verify-your-customers-identity-1200-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-454-pro-227-free-missing-authorization-via-get_virtual_users</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-youtube-video/show-youtube-video-11-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-03-06T18:47:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fantastic-elasticsearch/fantastic-elasticsearch-410-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/general-options/general-options-110-authenticated-administrator-stored-cross-site-scripting-via-ad_contact_number-parameter</loc>
<lastmod>2026-05-19T12:04:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-wpforms/pdf-for-wpforms-530-missing-authorization-to-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiny-carousel-horizontal-slider/tiny-carousel-horizontal-slider-81-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-column-tag-map/multi-column-tag-map-17026-cross-site-request-forgery</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hr-press-lite/hr-press-lite-102-missing-authorization-to-authenticated-subscriber-sensitive-employee-information-exposure</loc>
<lastmod>2026-03-20T15:15:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-custom-styles/tinymce-custom-styles-113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cassify/wp-cassify-235-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-shortcodes/wpzoom-shortcodes-101-reflected-cross-site-scripting</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-238-csv-injection</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbrutalai/wp-brutal-ai-201-reflected-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnipress/omnipress-167-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-instagram-feed/ultimate-instagram-feed-wordpress-plugin-131-cross-site-scripting</loc>
<lastmod>2017-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-llama/quotes-llama-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-builder-for-elementor/theme-builder-for-elementor-123-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-gallery-1124-authenticated-author-stored-cross-site-scripting-via-arrows-parameter</loc>
<lastmod>2026-05-13T14:42:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-by-supsystic/popup-by-supsystic-1108-sensitive-information-disclosure</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-base-cache-only-22031-cross-site-request-forgery</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-396-cross-site-request-forgery-to-firebase-server-key-update</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-live-scores/football-live-scores-15-missing-authorization</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinly/optinly-1015-cross-site-request-forgery</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klaviyo/klaviyo-307-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wheel-of-life/wheel-of-life-118-missing-authorization</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-security-aios-547-unauthenticated-stored-cross-site-scripting-via-rest-api-request-path</loc>
<lastmod>2026-06-05T11:51:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-lead-form/listingpro-lead-form-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-tooltip/the-tooltip-102-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-08T21:20:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tochat-be/tochatbe-134-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-meta-tags/simple-meta-tags-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-attachment/comment-attachment-155-cross-site-scripting</loc>
<lastmod>2013-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bounce-handler-mailpoet/bounce-handler-mailpoet-3-1321-reflected-cross-site-scripting</loc>
<lastmod>2024-11-15T15:04:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coub/coub-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pj/pj-life-business-coaching-300-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-addon-for-elementor/pricing-table-addon-for-elementor-100-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/better-wp-security-324-multiple-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uss-upyun/uss-upyun-150-cross-site-request-forgery</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-attractive-donations-system-easy-stripe-paypal-donations/wp-attractive-donations-system-129-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-610-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T15:36:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-362-missing-authorization</loc>
<lastmod>2025-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-51012-missing-authorization</loc>
<lastmod>2024-12-21T12:54:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-cam/web-cam-30-authenticated-contributor-stored-cross-site-scripting-via-slug-parameter</loc>
<lastmod>2025-06-25T14:07:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-plus/grid-plus-132-missing-authorization-to-authenticated-subscriber-grid-layout-addupdatedelete</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-table-of-content/cm-table-of-contents-122-cross-site-request-forgery</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-45110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intuitive-custom-post-order/intuitive-custom-post-order-313-cross-site-request-forgery</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/time-slots-booking-form-1242-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/splash/splash-sport-club-wordpress-theme-for-basketball-football-hockey-443-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-replace-affiliate-links-for-amazon/add-amp-replace-affiliate-links-for-amazon-106-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1343-authenticated-path-traversal</loc>
<lastmod>2017-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-books-gallery/wordpress-books-gallery-448-cross-site-request-forgery-leading-to-plugin-settings-changes</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chinchilla/chinchilla-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b2bking-wholesale-for-woocommerce/b2bking-4600-missing-authorization-to-authenticatedsubscriber-information-disclosure</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiebot/cookie-banner-plugin-for-wordpress-cookiebot-cmp-by-usercentrics-441-missing-authorization-to-authenticated-subscriber-survey-submission</loc>
<lastmod>2025-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-krpano/wp-krpano-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-logic/widget-logic-605-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms/caldera-forms-196-reflected-cross-site-scripting-via-cf-api</loc>
<lastmod>2022-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-355-reflected-cross-site-scripting</loc>
<lastmod>2016-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customized-login/login-manager-design-login-page-view-login-activity-limit-login-attempts-205-authenticated-administrator-stored-cross-site-scripting-via-custom-url</loc>
<lastmod>2025-04-17T12:41:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sola-support-tickets/sola-support-ticket-318-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-1335-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-functions/custom-functions-plugin-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-x/crm-perks-wordpress-helpdesk-integration-zendesk-freshdesk-helpscout-115-reflected-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-468-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-386-cross-site-request-forgery</loc>
<lastmod>2024-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse-form/gutenverse-form-231-missing-authorization</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-407-authenticated-administrator-sql-injection</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seers-cookie-consent-banner-privacy-policy/seers-811-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-my-blog/print-my-blog-print-pdf-ebook-converter-3158-unprotected-ajax-actions</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-widgets/dynamic-widgets-151-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/miraculous/miraculous-209-unauthenticated-sql-injection</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-multihotel/js-multi-hotel-221-cross-site-scripting</loc>
<lastmod>2014-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-cursors/wp-custom-cursors-301-authenticated-administrator-sql-injection</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-495-authenticated-stored-cross-site-scripting-via-generator-tag</loc>
<lastmod>2018-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/combo-wp-rewrite-slugs/combo-wp-rewrite-slugs-10-missing-authorization-to-authenticated-subscriber-settings-change</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6069-cross-site-request-forgery</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hello-elementor/hello-elementor-300-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-membership/opal-membership-124-authenticated-subscriber-information-disclosure</loc>
<lastmod>2024-08-09T15:03:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saksh-escrow-system/saksh-escrow-system-24-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-720-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-3221-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rac/woocommerce-recover-abandoned-cart-2460-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2805-authenticated-contributor-stored-cross-site-scripting-via-button</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripplan/trip-plan-1010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-cvs-importer/swfupload-2201-cross-site-scripting</loc>
<lastmod>2012-11-09T20:12:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-204-captcha-bypass</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-files/peepso-core-file-uploads-6460-insecure-direct-object-reference-to-unauthenticated-sensitive-information-exposure-via-file_download</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-1881-authenticatedsubscriber-sensitive-information-exposure-via-blocksy_posts-shortcode</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affs/sumo-affiliates-pro-1100-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-listings/impress-listings-262-authenticated-contributor-stored-cross-site-scripting-via-listing-fields</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-693-unauthenticated-email-creationsending</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-optimizer-wpssk/image-optimizer-by-wpssk-120-cross-site-request-forgery-to-bulk-image-optimization</loc>
<lastmod>2025-12-04T16:39:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-tables-table-charts-premium-632-missing-authorization-to-datatable-access-modification</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-203-improper-access-control</loc>
<lastmod>2018-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-antispam/fv-antispam-27-reflected-cross-site-scripting</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahachat-messenger-marketing/ahachat-messenger-marketing-11-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-391-authenticatedcontributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4200-missing-authorization-to-authenticated-subscriber-booking-note-creation</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advertising-management/wp-advertising-management-103-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-click-migration/1-click-wordpress-migration-plugin-100-free-for-a-limited-time-22-unauthenticated-sensitive-information-exposure-via-database-backup-in-class-ocm-backupphp</loc>
<lastmod>2025-02-17T15:39:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member-pro/s2member-pro-250214-authenticated-contributor-local-file-inclusion-to-remote-code-execution-via-shortcode</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apimo/apimo-connector-2631-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fathom-analytics/fathom-analytics-307-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-everywhere/php-everywhere-203-remote-code-execution-by-subscriber-users-via-shortcode</loc>
<lastmod>2022-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/immonex-kickstart/immonex-kickstart-1130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-feeds/ai-feeds-1022-authenticated-contributor-stored-cross-site-scripting-via-aife_post_meta-shortcode</loc>
<lastmod>2025-12-11T21:24:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-spreadsheets-from-microsoft-excel/import-spreadsheets-from-microsoft-excel-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-111-missing-authorization-to-cross-site-scripting</loc>
<lastmod>2020-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voidek-employee-portal/voidek-employee-portal-107-missing-authorization</loc>
<lastmod>2025-12-04T17:32:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-ultimate-invoice/peprodev-ultimate-invoice-206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-forms-dps-pxpay/gf-windcave-free-143-reflected-cross-site-scripting</loc>
<lastmod>2015-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-select-control-for-elementor/file-select-control-for-elementor-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speedycache/speedycache-118-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-20-modules-all-in-one-solution-formerly-woolentor-310-authenticated-contributor-stored-dom-based-cross-site-scripting-via-flash-sale-countdown-module</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-missing-authorization-via-wpr_update_form_action_meta</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hippoo/hippoo-mobile-app-for-woocommerce-171-missing-authorization-to-unauthenticated-limited-file-write</loc>
<lastmod>2025-12-11T17:41:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mow/mow-410-cross-site-request-forgery</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-emmet/wp-emmet-034-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qwiz-online-quizzes-and-flashcards/wordpress-qwizcards-394-reflected-cross-site-scripting</loc>
<lastmod>2025-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postpage-import-export-with-custom-fields-taxonomies/postpage-copying-tool-200-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-responsive-slideshow/slider-responsive-slideshow-image-slider-gallery-slideshow-138-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-create-countdown-coupon-video-contact-form-popups-629-reflected-cross-site-scripting</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-382-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/viral-news/multiple-themes-various-versions-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-475-server-side-request-forgery</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-media-library-lite/real-media-library-42211-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-366-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2024-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-elements/powerpack-pro-for-elementor-21014-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-post/order-post-202-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-09T18:09:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-cross-site-request-forgery-to-arbitrary-post-duplication</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-407-missing-authorization-to-unauthenticated-display-rule-updates</loc>
<lastmod>2026-01-05T15:17:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgsi/spreadsheet-integration-automate-google-sheets-with-wordpress-woocommerce-most-popular-form-plugins-also-display-google-sheet-as-a-table-380-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-09-24T12:20:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eucookielaw/eucookielaw-272-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3891-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sweetjane/sweet-jane-12-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-pages-for-privacy-policy-terms-about-and-contact/automatic-pages-for-privacy-policy-terms-about-contact-us-141-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-progressive-web-apps/super-progressive-web-apps-2221-missing-authorization</loc>
<lastmod>2023-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-slider/carousel-slider-1102-cross-site-request-forgery</loc>
<lastmod>2024-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/x-addons-elementor/x-addons-for-elementor-1016-authenticated-contributor-stored-cross-site-scripting-via-youtube-video-id-field</loc>
<lastmod>2025-10-02T22:36:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otp-login/login-with-otp-142-authentication-bypass-via-weak-otp</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5103-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-05-12T18:13:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indianic-testimonial/testimonial-23-cross-site-request-forgery</loc>
<lastmod>2013-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-system/banner-system-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hotel-galaxy/hotel-galaxy-4424-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp-pro/wp-erp-pro-151-unauthenticated-sql-injection-via-search_key-parameter</loc>
<lastmod>2026-05-21T14:13:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tc-testimonial/tc-testimonials-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arprice/arprice-413-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pushe-webpush/pushe-web-push-notification-050-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comic-easel/comic-easel-115-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-406-cross-site-request-forgery-via-save</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapster-wp-maps/mapster-wp-maps-1238-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtm-kit/gtm-kit-240-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-350-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-contact/easy-contact-012-reflected-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yuzo-related-post/yuzo-related-posts-51293-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2019-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinmonster/popup-builder-by-optinmonster-1145-remote-code-execution</loc>
<lastmod>2016-01-14T11:25:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ohio-extra/ohio-extra-347-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aperitif/aperitif-16-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/hubbub-lite-fast-reliable-social-network-sharing-buttons-1331-php-object-injection</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-manager/newsletter-manager-14-cross-site-request-forgery</loc>
<lastmod>2014-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seedprod-coming-soon-pro-5/seedprod-pro-61812-authenticated-editor-sql-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-marketplace-370-insecure-direct-object-reference-to-unauthenticated-arbitrary-refund-request-creation</loc>
<lastmod>2026-02-09T18:54:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/innovio/innovio-multipurpose-landing-page-wordpress-theme-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2137-authentication-bypass-via-pms_payment_id</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edukart-pro/edukart-pro-103-unauthenticated-privilege-escalation</loc>
<lastmod>2025-11-24T15:49:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-304-cross-site-scripting</loc>
<lastmod>2017-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2j-slideshow/slideshow-image-slider-by-2j-1354-reflected-cross-site-scripting-via-post</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-301-meta/seo-301-meta-191-stored-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-3412-authenticated-contributor-sql-injection</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anant-addons-for-elementor/anant-addons-for-elementor-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hd-quiz/hd-quiz-1811-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weather-effect/weather-effect-christmas-santa-snow-falling-135-stored-cross-site-scripting</loc>
<lastmod>2021-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-block-ips/login-block-ips-100-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lock-my-bp/wbcom-designs-211-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forty-four/forty-four-404-plugin-for-wordpress-14-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-openstreetmap-6112-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-debug/wp-email-debug-10-110-missing-authorization-to-unauthenticated-privilege-escalation-via-password-reset</loc>
<lastmod>2025-06-05T17:34:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase/team-showcase-21-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7111-authenticatedauthor-arbitrary-file-upload-via-zip-extraction</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pop-up/pop-up-chop-chop-217-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/image-gallery-responsive-photo-gallery-206-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4151-authenticated-contributor-stored-cross-site-scripting-via-profilepress-edit-profile-shortcode</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seekxl-snapr/seekxl-snapr-206-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-card-by-esterox-100/business-card-100-cross-site-request-forgery-to-card-edit</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-portfolio-post/themify-portfolio-post-121-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-487-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/decon-wp-sms/decon-wp-sms-11-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-composite-products/wpc-composite-products-for-woocommerce-727-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-accessibility-helper/wp-accessibility-helper-0628-missing-authorization-to-authenticated-subscriber-limited-settings-update</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-fetcher/content-fetcher-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ptypeconverter/ptypeconverter-0281-authenticated-editor-sql-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-85-authenticated-contributor-stored-cross-site-scripting-via-piechart_settings-parameter</loc>
<lastmod>2024-09-24T21:40:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/child-themes/child-themes-101-reflected-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyjobs/easyjobs-147-reflected-cross-site-scripting</loc>
<lastmod>2022-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixfields/pixfields-070-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soisy-pagamento-rateale/soisy-pagamento-rateale-601-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/square/square-200-missing-authorization-via-activate_plugin</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-gold/advanced-google-maps-584-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3130-missing-authorization-to-unauthenticated-event-settings-update</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invitation-code-content-access/invitation-code-content-restriction-plugin-from-creativeminds-154-reflected-cross-site-scripting</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button/button-1127-authenticated-contributor-php-object-injection-in-button_shortcode</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opcache/opcache-dashboard-031-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3625-authenticated-administrator-stored-html-injection</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-viewer/library-viewer-320-reflected-cross-site-scripting</loc>
<lastmod>2026-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i2-pro-cons/i2-pros-cons-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-502-reflected-cross-site-scripting</loc>
<lastmod>2019-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uk-cookie/uk-cookie-11-cross-site-scripting</loc>
<lastmod>2012-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4103-authenticated-contributor-stored-cross-site-scripting-via-bw_button-shortcode</loc>
<lastmod>2024-07-08T23:21:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dewplayer-flash-mp3-player/dewplayer-12-cross-site-scripting</loc>
<lastmod>2014-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-payfast/paid-memberships-pro-payfast-gateway-add-on-141-unauthenticated-information-exposure</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/columns-bws/columns-by-bestwebsoft-103-authenticated-contributor-stored-cross-site-scripting-via-columns-shortcode-id-attribute</loc>
<lastmod>2026-04-07T17:37:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/stratus/stratus-425-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/promobar/promobar-by-bestwebsoft-customizable-advertisement-banner-for-wordpress-website-110-reflected-cross-site-scripting</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3-video/s3-video-plugin-098-cross-site-scripting</loc>
<lastmod>2013-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-elementor-editor-translation/disable-elementor-editor-translation-102-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realhomes/realhomes-437-missing-authorization</loc>
<lastmod>2023-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tediss/tediss-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3349-missing-authorization-to-authenticated-subscriber-user-email-enumeration-via-user-parameter</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-31-334-improper-authorization-to-paywall-bypass</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/total-donations/total-donations-308-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/letterpress/letterpress-122-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements/thegem-theme-elements-for-wpbakery-51051-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-page-builder-features-331-authenticated-contributor-stored-cross-site-scripting-via-icon-widget</loc>
<lastmod>2024-10-31T19:06:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player/spidervplayer-151-cross-site-scripting</loc>
<lastmod>2014-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-162-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-chat/quick-chat-400-sql-injection</loc>
<lastmod>2012-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-license-manager/woocommerce-license-manager-706-authenticated-shop-manager-arbitrary-file-upload</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-ticket-system-for-woocommerce/helpdesk-support-ticket-system-for-woocommerce-211-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pearl-header-builder/pearl-139-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multilanguage/multilanguage-by-bestwebsoft-152-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digirisk/digirisk-6000-reflected-cross-site-scripting</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dw-question-answer/dw-question-answer-1423-stored-cross-site-scripting</loc>
<lastmod>2016-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-player-75467212-authenticated-subscriber-sql-injection-via-exclude-parameter</loc>
<lastmod>2024-07-18T19:26:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/movylo-widget/movylo-marketing-automation-207-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-database-based-actions/external-database-based-actions-01-authenticated-subscriber-authentication-bypass</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookit/bookit-booking-appointment-calendar-251-missing-authorization</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/blubrry-powerpress-11152-authenticated-contributor-arbitrary-file-upload-via-powerpress_edit_post</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-quick-plugin-disabler/meks-quick-plugin-disabler-10-cross-site-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-pagination/ajax-pagination-twitter-style-11-local-file-inclusion</loc>
<lastmod>2014-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dark-mode/wp-dark-mode-407-authenticated-subscriber-local-file-inclusion-via-style</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxypress/foxypress-0427-open-redirect</loc>
<lastmod>2012-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-deleteredirect-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandblog/grand-blog-31-cross-site-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wp-business-directory-plugin-and-classified-listings-directory-28157-missing-authorization</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-4026-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/travel-booking-wordpress-theme-3281-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-752-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-250-authenticated-admin-php-object-injection-via-form_data-parameter</loc>
<lastmod>2025-03-25T23:23:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-create_mollie_account</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-5126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hackrepair-plugin-archiver/the-hack-repair-guys-plugin-archiver-204-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2025-09-12T09:16:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-social-sharing-icons-285-cross-site-request-forgery</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-269-authenticated-contributor-stored-cross-site-scripting-via-covid-19-stats-widget</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-680-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-extended/advanced-custom-fields-extended-0921-unauthenticated-privilege-escalation-via-insert-user-form-action</loc>
<lastmod>2026-01-19T21:07:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-malware-removal/malcure-malware-scanner-1-toolset-for-wordpress-malware-removal-170-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-07-15T18:16:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-207-unauthenticated-server-side-request-forgery-via-font_url</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox2/responsive-lightbox2-102-cross-site-scripting</loc>
<lastmod>2020-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-278-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1601-reflected-cross-site-scripting-via-mode</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-seo/auto-seo-256-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/datamentor/datamentor-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catfolders/catfolders-253-missing-authorization</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-backed-notices/hide-dashboard-notifications-13-missing-authorization-to-authenticatedcontributor-plugin-settings-modification</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-logo-showcase-lite/smart-logo-showcase-lite-119-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/images-optimizer/plugin-ab-image-optimizer-33-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-social-feeds/my-social-feeds-104-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-ttp_get_accounts-ajax-action</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1322-reflected-cross-site-scripting-via-dn</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-live/live-css-13-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fiorello/fiorello-10-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-and-user-login-plugin-4601-cross-site-scripting</loc>
<lastmod>2020-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/location-weather/location-weather-302-missing-authorization-to-authenticated-contributor-block-settings-modification-and-cache-purging</loc>
<lastmod>2026-05-21T14:36:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fivestar/fivestar-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate-pro/idonatepro-2111-missing-authorization</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-159-full-path-disclosure</loc>
<lastmod>2024-07-10T13:42:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-woocommerce-add-to-cart-button-text/change-woocommerce-add-to-cart-button-text-13-missing-authorization-via-rexvs_settings_submit</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sevenstars/seven-stars-144-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-092-reflected-cross-site-scripting</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-714-authentication-bypass</loc>
<lastmod>2016-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wetransfer/smart-wetransfer-13-missing-authorization</loc>
<lastmod>2025-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta/user-meta-user-profile-builder-and-user-management-plugin-312-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-09-10T18:50:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chartify-wordpress-chart-plugin-295-unauthenticated-local-file-inclusion-via-source</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projecthuddle-child-site/projecthuddle-client-site-1034-missing-authorization-via-ph_child_ajax_notice_handler</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-16110-missing-authorization</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-s3-smart-upload/ssu-150-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realpress/realpress-real-estate-plugin-110-cross-site-request-forgery</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp/rsvp-and-event-management-2716-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2103-authenticatedcontributor-cross-site-scripting-via-custom-css</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knews/knews-multilingual-newsletters-plugin-170-sql-injection</loc>
<lastmod>2015-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-email-marketer/wp-ultimate-email-marketer-110-stored-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-app-online/build-app-online-1023-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/stockholm/stockholm-9141-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-meta-data-manager/post-meta-data-manager-121-cross-site-request-forgery-to-post-term-and-user-meta-deletion</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-image-store/cp-image-store-with-slideshow-107-arbitrary-file-download</loc>
<lastmod>2015-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-experiments-free/title-experiments-free-904-missing-authorization</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-252-missing-authorization-to-unauthenticated-database-export</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-865-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-security-512-information-disclosure</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/deston/deston-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forum-server/wp-forum-server-174-sql-injection</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-any-api/contact-form-to-any-api-116-missing-authorization-via-delete_cf7_records</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-2228-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeba-cute-forkit/jeba-cute-forkit-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T15:10:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-queue/mail-queue-11-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1587-unauthenticated-sql-injection-via-bwg_tag_id_bwg_thumbnails_0-parameter</loc>
<lastmod>2022-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-571-authenticated-author-server-side-request-forgery</loc>
<lastmod>2025-10-17T16:25:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dt-the7-core/the7-elements-2712-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-5775-missing-authorization-via-ebook_store_export_orders</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webling/webling-390-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-tag-creator/auto-tag-creator-102-missing-authorization-via-tag_save_settings_callback</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-3816-reflected-cross-site-scripting</loc>
<lastmod>2021-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-61-local-file-inclusion</loc>
<lastmod>2016-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesalex/wholesalex-woocommerce-wholesale-plugin-wholesale-prices-dynamic-pricing-tiered-pricing-132-unauthenticated-php-object-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendarista-basic-edition/calendarista-basic-edition-302-unauthenticated-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wish-list/my-wish-list-142-cross-site-scripting</loc>
<lastmod>2015-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/activello/activello-144-reflected-cross-site-scripting</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-57-unauthenticated-stored-cross-site-scripting-via-nameservers-and-_msg</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-quickpay/wp-ecommerce-quickpay-110-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-collapse-o-matic/collapse-o-matic-1858-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-14T20:12:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flv-embed/flv-embed-121-cross-site-request-forgery-to-options-update</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundy-background-music/soundy-background-music-31-reflected-cross-site-scripting</loc>
<lastmod>2016-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-wordpress-currency-switcher-professional-119-missing-authorization-to-arbitrary-custom-drop-down-currency-switcher-editing</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-408-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/striking-r/striking-234-reflected-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/bookly-217-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-supersized/wp-supersized-316-cross-site-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-1132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-453-authenticated-contributor-stored-cross-site-scripting-via-featured-image-alt-text</loc>
<lastmod>2023-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date-for-woocommerce/order-delivery-date-for-woocommerce-410-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-moneytizer/the-moneytizer-9520-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-multi-step-form-calculation-contact-form-payment-contact-form-custom-contact-form-builder-20-2134-authenticater-administrator-arbitrary-file-deletion</loc>
<lastmod>2024-08-19T14:58:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-cronlogdeleteoption-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/uminex/uminex-109-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anonform-embedded-secure-form/anonform-embedded-secure-form-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/verdure/verdure-16-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1130-authenticated-accountingmanager-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shoutbox-live-chat/steveas-wp-live-chat-shoutbox-142-unauthenticated-sql-injection</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms4wp/sms-for-wordpress-118-reflected-cross-site-scripting</loc>
<lastmod>2025-11-04T14:26:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thinktwit/thinktwit-171-stored-cross-site-scripting</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookit/bookit-243-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/6storage-rentals/6storage-rentals-2200-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ekc-tournament-manager/ekc-tournament-manager-221-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncode-core/uncode-core-286-reflected-cross-site-scripting</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-event-calendar/timely-all-in-one-events-calendar-2538-cross-site-scripting</loc>
<lastmod>2019-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3267-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-301-unspecified-vulnerability</loc>
<lastmod>2014-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/taina/tain-024-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horizontal-scrolling-announcement/horizontal-scrolling-announcement-92-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/corona-virus-covid-19-banner/corona-virus-covid-19-banner-live-data-1803-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-easy-seo/boldgrid-easy-seo-simple-and-effective-seo-1614-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ft-rockpress/rockpress-1017-missing-authorization-to-authenticated-subscriber-arbitrary-modification-via-ajax-actions</loc>
<lastmod>2026-03-19T19:51:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-263-unauthenticated-information-exposure-via-log-file</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-3165-missing-authorization-to-authenticated-contributor-arbitrary-content-deletion</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navegg/navegg-analytics-333-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3/aikit-4141-authenticated-contributor-sql-injection</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-optimizer-wd/image-optimizer-wd-1026-reflected-cross-site-scripting</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/great-lotus/great-lotus-buddhist-temple-wordpress-theme-rtl-131-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vivagh/vivagh-24-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-help/ai-content-writer-rss-feed-to-post-autoblogging-seo-help-613-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticket-ultra/wp-ticket-ultra-help-desk-support-plugin-105-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-restaurant-reservations/restaurant-reservations-19-directory-traversal-to-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-customizer/custom-login-page-customizer-253-unauthenticated-privilege-escalation-via-password-reset</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/task-scheduler/task-scheduler-163-authenticated-admin-blind-server-side-request-forgery</loc>
<lastmod>2025-10-14T19:39:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-hubspot/integration-for-contact-form-7-hubspot-143-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-332-authenticated-editor-arbitrary-file-upload-via-filename-parameter-in-update_media_metadata-endpoint</loc>
<lastmod>2026-01-27T19:28:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio5-html5-shoutcast_sticky/sticky-radio-player-34-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rehub-theme/rehub-1961-authenticated-editor-local-file-inclusion</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/travel-booking-wordpress-theme-282-cross-site-scripting</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optimize/wp-optimize-411-authenticated-admin-sql-injection</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kish-guest-posting/kish-guest-posting-12-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2012-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navz-photo-gallery/acf-photo-gallery-field-30-missing-authorization-to-authenticated-subscriber-attachment-metadata-modification</loc>
<lastmod>2026-02-18T14:58:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-free-drag-and-drop-page-builder-by-king-theme-294-reflected-cross-site-scripting</loc>
<lastmod>2020-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-filter-for-woocommerce-product/product-filter-for-woocommerce-product-131-unauthenticated-sql-injection</loc>
<lastmod>2022-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-update-mail-notification/email-notifications-for-updates-116-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-04-04T13:05:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-membership/wcfm-membership-woocommerce-memberships-for-multivendor-marketplace-21110-missing-authorization</loc>
<lastmod>2026-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-1915-arbitrary-file-upload</loc>
<lastmod>2021-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg_fullscreen_fullwidth_slider/imagevideo-fullscreen-background-167-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codestyling-localization/code-styling-localization-19919-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-in-blog/blog-in-blog-200-authenticated-editor-local-file-inclusion-via-shortcode</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listee/listee-116-unauthenticated-privilege-escalation</loc>
<lastmod>2026-02-26T17:48:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publisher-media-kit/terser-481-and-500-5141-regular-expression-denial-of-service</loc>
<lastmod>2022-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/our-team-members/our-team-members-22-missing-authorization-to-authenticated-subscriber-information-disclosure</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons-pro/happy-elementor-addons-pro-280-reflected-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-edit/super-edit-254-reflected-cross-site-scripting</loc>
<lastmod>2025-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gantry/gantry-4-framework-4121-reflected-cross-site-scripting</loc>
<lastmod>2024-10-17T15:42:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-737-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ux-sniff/uxsniff-128-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-for-sports-team-league-football-hockey-more-517-object-injection</loc>
<lastmod>2021-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-career-openings/easy-career-opening-04-unauthenticated-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-library-categories/media-library-categories-199-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-bulk-order-form/bulk-order-form-for-woocommerce-357-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nurelm-get-posts/get-posts-06-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hueman/hueman-363-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-263-authenticated-contributor-stored-cross-site-scripting-via-testimonial</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiparcels-shipping-for-woocommerce/multiparcels-shipping-for-woocommerce-11413-missing-authorization-via-get_history</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limb-gallery/limb-gallery-create-beautiful-image-video-galleries-132-cross-site-scripting</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadcounter/wp-downloadcounter-101-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-google-recaptcha/advanced-google-recaptcha-127-built-in-math-captcha-bypass</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/hotel-booking-227-unauthenticated-information-exposure</loc>
<lastmod>2025-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-643-unauthenticated-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-311-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/repagent/repagent-unknown-versions-cross-site-scripting</loc>
<lastmod>2013-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider/testimonial-slider-131-cross-site-request-forgery</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-10005-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting-via-admin_post_wpgmza_save_settings</loc>
<lastmod>2026-03-17T13:24:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-carousel-elementor/testimonial-carousel-for-elementor-1022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-4023-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-twb_form-maker-11521-cross-site-request-forgery-to-limited-code-execution-via-execute</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-decaf/event-espresso-4-decaf-41044decaf-feature-bypass</loc>
<lastmod>2023-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scrollto-bottom/scrollto-bottom-111-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/news-flash/news-flash-110-authenticated-editor-php-object-injection</loc>
<lastmod>2024-08-07T13:00:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-calendly-scheduling/emc-scheduling-manager-44-authenticated-contributor-stored-cross-site-scripting-via-calendly-shortcode</loc>
<lastmod>2026-04-18T15:07:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-your-posts-manually/order-your-posts-manually-225-reflected-cross-site-scripting-via-cat_id</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kebo-twitter-feed/kebo-twitter-feed-1512-cross-site-request-forgery-via-kebo_twitter_menu_render</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-3613-authenticated-patient-sql-injection</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sapa/sapa-1114-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indieweb-post-kinds/post-kinds-1311-cross-site-scripting</loc>
<lastmod>2015-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-dashboard/simple-dashboard-20-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fsflex-local-fonts/flex-local-fonts-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/an-gradebook/an_gradebook-501-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nofollow/ultimate-nofollow-148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-record/construction-light-167-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-activation</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-page-builder-lite-627-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiny-buttons/shiny-buttons-css3-button-generator-for-wordpress-110-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-303-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazyload-background-images/lazyload-background-images-107-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2025-01-06T15:40:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-divi/divi-torque-lite-410-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-01-28T22:09:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-maps-by-supsystic/ultimate-maps-by-supsystic-124-reflected-cross-site-scripting</loc>
<lastmod>2021-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yarpp-yet-another-related-posts-plugin-5309-authenticatedadministrator-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-highlights/post-highlights-20-26-cross-site-scripting</loc>
<lastmod>2014-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-article-uploader-extension/mainwp-various-extensions-missing-authorization-to-arbitrary-pagepost-deletion</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2244-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-enable-svg/wp-enabled-svg-07-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream/stream-392-missing-authorization-via-load_alerts_settings</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-181-cross-site-request-forgery-via-save_settings</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75517212-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-6071-authentication-bypass</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/uncode/uncode-2916-authenticated-subscriber-arbitrary-file-read-in-uncode_recordmedia</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimal-coming-soon-maintenance-mode/minimal-coming-soon-coming-soon-page-233-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner/advanced-database-cleaner-303-reflected-cross-site-scripting</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quillforms/quill-forms-the-best-typeform-alternative-create-conversational-multi-step-form-survey-quiz-cost-estimation-or-donation-form-on-wordpress-3100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/additional-order-filters-for-woocommerce/additional-order-filters-for-woocommerce-121-reflected-cross-site-scripting</loc>
<lastmod>2024-11-25T15:28:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nanosupport/nanosupport-060-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-146-unauthenticated-php-object-injection-via-recursive_unserialize_replace</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-olivecart/wp-olivecart-113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conveythis-translate/conveythis-2692-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75517212-authenticated-contributor-stored-cross-site-scripting-via-video_player-shortcode</loc>
<lastmod>2026-06-30T15:07:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-support-for-elementor-templates/shortcode-for-elementor-templates-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upc-ean-barcode-generator/upceangtin-code-generator-202-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe/iframe-50-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edwiser-bridge/edwiser-bridge-432-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-1102-improper-neutralization-of-crlf-sequences-to-unauthenticated-email-header-injection-via-reply-to-display-name</loc>
<lastmod>2026-06-30T16:02:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-514-missing-authorization-via-resadminpermissionscheck</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allwebmenus-wordpress-menu-plugin/allwebmenus-wordpress-menu-plugin-119-arbitrary-file-upload</loc>
<lastmod>2012-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jupiterx/jupiterx-theme-300-authenticated-local-file-inclusion-via-print_pane</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/woocommerce-amazon-affiliates-wordpress-plugin-14100-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcp-openweather/wcp-openweather-250-cross-site-request-forgery</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-1847-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/midi-synth/midi-synth-110-unauthenticated-arbitrary-file-upload-via-export-ajax-action</loc>
<lastmod>2026-02-13T18:33:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-107-authenticated-administrator-sql-injection</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/setup-default-feature-image/setup-default-featured-image-12-missing-authorization</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jp-students-result-system-premium/jp-students-result-management-system-premium-117-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-59-reflected-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/churchope/churchope-21-local-file-inclusion</loc>
<lastmod>2014-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rating-bws/rating-by-bestwebsoft-02-reflected-cross-site-scripting</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giphypress/giphypress-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-gravity-forms/gsheetconnector-for-gravity-forms-1323-cross-site-request-forgery-to-arbitrary-plugin-activationdeactivation</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3352-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-run_sync</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mergado-marketing-pack/mergado-pack-420-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-content/nelio-content-editorial-calendar-social-media-auto-posting-434-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mark-user-as-spammer/mark-user-as-spammer-101-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-11004-unauthenticated-insufficient-verification-of-data-authenticity-via-paypal-commerce-webhook-endpoint</loc>
<lastmod>2026-06-05T14:01:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-240-authenticatedcontributor-stored-cross-site-scripting-via-wrapper-link-url</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-641-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft3-3827-server-side-request-forgery</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ajax-filters/woocommerce-ajax-product-filters-136-arbitrary-settings-update</loc>
<lastmod>2019-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-image/seo-friendly-images-304-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2414-authenticated-author-stored-cross-site-scripting-via-image-attachment-fields</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1003-mortgage-application/1003-mortgage-application-175-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phonetrack-meu-site-manager/phonetrack-meu-site-manager-01-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edge-decor/edge-decor-22-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/under-construction-page/under-construction-385-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-saia-edition/ltl-freight-quotes-saia-edition-2210-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lms/lms-92-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ok-poster-group/ok-poster-group-11-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donations-block/donation-block-for-paypal-200-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fg-prestashop-to-woocommerce/fg-prestashop-to-woocommerce-plugin-3191-cross-site-scripting</loc>
<lastmod>2017-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-wordpress-295-multiple-vulnerabilities</loc>
<lastmod>2020-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/board-document-manager-from-chuhpl/board-document-manager-from-chuhpl-191-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7117-reflected-cross-site-scripting</loc>
<lastmod>2021-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-from-rss-to-email-newsletters-using-nourish/nourish-newsletter-1013-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-04T17:34:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-352-sensitive-information-disclosure</loc>
<lastmod>2013-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-svg-webp-ico-upload/enable-svg-webp-and-ico-upload-112-authenticated-author-stored-cross-site-scripting-via-svg-file-uploads</loc>
<lastmod>2025-11-17T20:54:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-buttons/ad-buttons-231-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-email-logger/lana-email-logger-102-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medical-addon-for-elementor/medical-addon-for-elementor-162-insecure-direct-object-reference-to-authenticated-contributor-sensitive-information-exposure-via-shortcode</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-dialog/modal-dialog-359-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-paypal-payments/woocommerce-paypal-payments-401-missing-authorization-to-unauthenticated-order-manipulation-and-information-disclosure</loc>
<lastmod>2026-05-22T16:04:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-pinterest-portfolio/gs-pins-for-pinterest-182-authenticated-contributor-stored-cross-site-scripting-via-shorcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-126-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xshare/xshare-101-cross-site-request-forgery-to-rs_plugin_reset-parameter</loc>
<lastmod>2026-01-06T19:39:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-news-scroller/rss-news-scroller-200-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-6537-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sw_core/sw-core-1718-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dwt-listing/dwt-directory-listing-wordpress-theme-333-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdfjs-viewer-shortcode/pdfjs-viewer-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-12111-and-ti-woocommerce-wishlist-pro-1214-arbitrary-options-update</loc>
<lastmod>2020-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stats/stats-11-sql-injection</loc>
<lastmod>2007-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5360-missing-authorization-in-reviews-exporter</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-100-reflected-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flashnews-fading-effect-pearlbells/flash-news-post-responsive-41-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-115-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-plugin/bestwebsofts-twitter-214-cross-site-request-forgery</loc>
<lastmod>2012-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-wordpress-4615-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-833-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sponsors-carousel/sponsors-carousel-402-authenticated-admin-stored-cross-site-scripting-in-show</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spice-blocks/spice-blocks-2074-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-fields/simple-fields-12-cross-site-request-forgery</loc>
<lastmod>2013-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto-converter-widget/crypto-converter-widget-183-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nexos/nexos-real-estate-wordpress-theme-18-cross-site-scripting</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watupro/watupro-5537-sql-injection</loc>
<lastmod>2017-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-conditional-discount-rules-for-checkout/woocommerce-dynamic-pricing-and-discount-rules-240-cross-site-request-forgery</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-lms-addon/designthemes-lms-addon-26-missing-authorization</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextcellent-gallery-nextgen-legacy/nextcellent-gallery-1935-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropbox-folder-share/dropbox-folder-share-197-unauthenticated-server-side-request-forgery-via-link</loc>
<lastmod>2023-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aramex-shipping-woocommerce/aramex-shipping-woocommerce-1121-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-26T13:12:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chaostheory/chaostheory-13-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-prayer-time-for-mosques/daily-prayer-time-20210809-stored-cross-site-scripting</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2744-authenticatedcontributor-stored-cross-site-scripting-via-heading-tag</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-athletics/wp-athletics-117-stored-cross-site-scripting</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayer/wp-prayer-209-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-multi-currency/curcy-multi-currency-for-woocommerce-225-unauthenticated-arbitrary-shortcode-execution-via-get_products_price-function</loc>
<lastmod>2025-02-05T18:44:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-map-by-revukangaroo/review-map-by-revukangaroo-17-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-03-20T15:16:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soliloquy-lite/slider-by-soliloquy-272-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analogwp-templates/style-kits-advanced-theme-styles-for-elementor-250-authenticated-contributor-stored-cross-site-scripting-via-kit-title</loc>
<lastmod>2026-05-26T12:12:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resads/resads-102-reflected-cross-site-scripting</loc>
<lastmod>2015-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catalyst-connect-client-portal/catalyst-connect-zoho-crm-client-portal-200-reflected-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-231-arbitrary-redirect</loc>
<lastmod>2022-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-forms/contact-form-by-mega-forms-161-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/tag-category-and-taxonomy-manager-ai-autotagger-with-openai-3372-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-testimonial/testimonials-26-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alert-box-block/alert-box-block-display-noticealerts-in-the-front-end-113-authenticated-contributor-stored-cross-site-scripting-via-alert-box-block</loc>
<lastmod>2025-03-24T19:33:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-tools-viet-nam/affiliate-tools-vit-nam-0317-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rd-wc-order-modifier/rd-order-modifier-for-woocommerce-105-cross-site-request-forgery</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-mask/content-mask-1852-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-182-sql-injection-via-tutor_quiz_builder_get_answers_by_question</loc>
<lastmod>2021-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-notify-lite/popup-builder-1133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5450-authenticated-contributor-stored-cross-site-scripting-via-form-settings</loc>
<lastmod>2026-03-12T19:59:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-basic-elements/wp-basic-elements-5215-missing-authorization-to-plugin-settings-update-via-wpbe_save_settings</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-659-authenticated-contributor-stored-cross-site-scripting-via-info-box-widget</loc>
<lastmod>2026-02-13T21:37:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dashboard-beacon/dashboard-beacon-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-and-footer-scripts/header-and-footer-scripts-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-08T21:20:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tripadvisor-review-slider/wp-tripadvisor-review-slider-126-authenticated-administrator-sql-injection</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-donate/simple-donate-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T14:59:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hot-random-image/hot-random-image-192-path-traversal-to-authenticated-contributor-limited-arbitrary-image-access-via-path-parameter</loc>
<lastmod>2025-05-21T20:42:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meow-gallery/meow-gallery-544-authenticated-author-sql-injection</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooswipe/wooswipe-woocommerce-gallery-302-missing-authorization</loc>
<lastmod>2022-11-17T15:35:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-price-ticker-widget/cryptocurrency-widgets-price-ticker-coins-list-280-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-author/boost-your-blogs-engagement-with-wp-post-author-381-authenticated-administrator-sql-injection</loc>
<lastmod>2024-10-11T20:41:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-and-client-message-after-order-for-woocommerce/orderconvo-124-missing-authorization-to-arbitrary-file-upload</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upcoming-for-calendly/upcoming-for-calendly-124-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-11T14:28:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-carousel-free/carousel-slider-gallery-by-wp-carousel-image-carousel-photo-gallery-post-carousel-post-grid-product-carousel-product-grid-for-woocommerce-263-authenticated-admin-php-object-injection</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallets/bitcoin-and-altcoin-wallet-631-reflected-cross-site-scripting</loc>
<lastmod>2024-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-bws/captcha-by-bestwebsoft-520-captcha-bypass</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/igit-related-posts-with-thumb-images-after-posts/igit-related-posts-with-thumb-image-after-posts-453-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expire-users/expire-users-122-authenticated-subscriber-privilege-escalation-to-administrator-via-save_extra_user_profile_fields</loc>
<lastmod>2026-03-20T14:37:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm-system/wp-crm-system-345-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-child-theme/generate-child-theme-20-cross-site-request-forgery-via-process_create_form</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-responsive-wordpress-plugin-216-full-path-disclosure</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netroics-blog-posts-grid/netroics-blog-posts-grid-10-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-690-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-22T22:22:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-switcher/image-switcher-011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-1312-cross-site-scripting</loc>
<lastmod>2014-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-for-writers/slider-for-writers-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-681-authenticated-php-object-injection</loc>
<lastmod>2020-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/olivia/olivia-095-reflected-cross-site-scripting</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-learning/nd-learning-47-open-redirect</loc>
<lastmod>2019-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-user-editor/bulk-fields-editor-180-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-330-unauthenticated-local-file-inclusion-via-modal</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-live-chat-for-wordpress-buddypress-peepso-ultimate-member-buddyboss-2102-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-16T17:20:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-205-unauthenticated-sql-injection</loc>
<lastmod>2023-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/wp-timetics-ai-powered-appointment-booking-calendar-and-online-scheduling-plugin-1027-missing-authorization-to-authenticated-subscriber-arbitrary-user-deletion</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-289-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-855-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/freemius-2101-reflected-dom-based-cross-site-scripting-via-url-parameter</loc>
<lastmod>2026-04-30T17:17:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weekly-class-schedule/weekly-class-schedule-319-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-615-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-448-authenticated-subscriber-stored-cross-site-scripting-via-openai_settings_option_callback</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookshelf/bookshelf-204-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-279-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-descriptions/terms-descriptions-344-reflected-cross-site-scripting-via-term_search</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-payeezy-pay/wp-payeezy-pay-298-local-file-inclusion</loc>
<lastmod>2018-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-524-server-side-request-forgery-2</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup-manager/simple-popup-manager-135-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-288-authenticated-contributor-stored-cross-site-scripting-via-woolentorsearch-shortcode</loc>
<lastmod>2024-05-20T19:41:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-meta-data-manager/post-meta-data-manager-120-missing-authorization-to-user-term-and-post-meta-deletion</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiecode/cookiecode-244-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rest-headless/wp-headless-cms-framework-115-unauthenticated-protection-mechanism-bypass</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-gate/age-gate-353-unauthenticated-local-php-file-inclusion-via-lang</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-1112-reflected-cross-site-scripting</loc>
<lastmod>2025-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtranslate/gtranslate-pro-and-gtranslate-enterprise-2864-reflected-cross-site-scripting</loc>
<lastmod>2021-07-23T15:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-for-page/posts-for-page-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-325-unauthenticated-sql-injection</loc>
<lastmod>2024-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pos/woocommerce-pos-1411-insufficient-verification-of-data-authenticity-to-authenticated-customer-information-disclosure</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post-page-menu-custom-post-type/duplicate-post-page-menu-custom-post-type-231-missing-authorization-to-post-duplication</loc>
<lastmod>2023-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-cash/get-cash-323-missing-authorization</loc>
<lastmod>2025-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/covermanager/covermanager-001-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sidebar-content-from-shortcode/sidebar-content-from-shortcode-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-sliding-faq/ad-sliding-faq-24-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-06T20:39:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20251121-unauthenticated-open-redirect</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-myparcel/myparcel-4241-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vrview/vrview-113-and-wp-vr-view-16-reflected-cross-site-scripting</loc>
<lastmod>2018-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-beta-tester/woocommerce-beta-tester-224-authenticated-administrator-sql-injection</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watcher-elementor/watcher-for-elementor-109-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3627-authenticated-instructor-sql-injection</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-monalisa/wp-monalisa-64-cross-site-request-forgery</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xhanch-my-twitter/xhanch-my-twitter-276-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/restaurant-zone/restaurant-zone-078-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jc-importer/import-wp-export-and-import-csv-and-xml-files-to-wordpress-2145-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amilia-store/amilia-store-298-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-insightly/wp-insightly-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-114-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1300-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-232-missing-authorization-to-authenticated-subscriber-content-injection</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.6/wordpress-core-46-cross-site-request-forgery</loc>
<lastmod>2016-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tarteaucitronjs/tarteaucitronio-194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-by-realfavicongenerator/favicon-by-realfavicongenerator-1346-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/bulk-noindex-nofollow-toolkit-215-reflected-cross-site-scripting</loc>
<lastmod>2024-09-25T13:45:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/drone/drone-140-reflected-cross-site-scripting</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5150-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adverts-click-tracker/adverts-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primary-addon-for-elementor/primary-addon-for-elementor-155-authenticated-contributor-stored-cross-site-scripting-via-pricing-table-widget</loc>
<lastmod>2024-05-24T14:12:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-wordpress-gallery-plugin-485-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-09-23T18:51:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytiko/paytiko-for-woocommerce-147-missing-authorization</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickwhale/clickwhale-250-authenticated-admin-sql-injection</loc>
<lastmod>2025-09-19T15:50:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-178-authenticated-contributor-sql-injection</loc>
<lastmod>2024-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-730-missing-authorization-to-authenticated-contributor-arbitrary-option-deletion</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-donation/wordpress-stripe-donation-and-payment-plugin-323-missing-authorization</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tube-video-ads-lite/tube-video-ads-lite-157-reflected-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshdesk-support/freshdesk-official-17-open-redirect</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-320-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-3357-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmo-social-connection/gmo-social-connection-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-property/wp-property-1350-remote-file-upload</loc>
<lastmod>2012-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/whiterabbit/white-rabbit-152-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwl-pro-voting-manager/bwl-pro-voting-manager-149-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notice-bar/notice-bar-313-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmp-coming-soon-maintenance/cmp-coming-soon-maintenance-plugin-by-niteothemes-4116-missing-authorization-to-authenticated-administrator-arbitrary-file-upload-and-remote-code-execution</loc>
<lastmod>2026-04-17T15:02:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-validation-for-gravity-forms/real-time-validation-for-gravity-forms-170-cross-site-request-forgery</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-random-posts-widget/sb-random-posts-widget-10-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smokesignal/smoke-signal-127-authenticated-stored-cross-site-scripting</loc>
<lastmod>2017-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-217-reflected-cross-site-scripting</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmi-adultkid-calculator/bmi-adult-kid-calculator-122-reflected-cross-site-scripting</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neos-connector-for-fakturama/neos-connector-for-fakturama-0014-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:07:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-784-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-642-cross-site-scripting-via-post_meta</loc>
<lastmod>2018-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-carousel-free/carousel-slider-gallery-by-wp-carousel-268-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vod-infomaniak/vod-infomaniak-157-cross-site-request-forgery</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spamreferrerblock/spamreferrerblock-222-cross-site-request-forgery</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amr-personalise/amr-personalise-210-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-links-interlinking/seo-links-interlinking-17991-reflected-cross-site-scripting-via-google_error-parameter</loc>
<lastmod>2026-01-27T21:46:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11524-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/wp-foodbakery-47-unauthenticated-privilege-escalation-in-foodbakery_registration_validation</loc>
<lastmod>2025-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-elementor-addons/better-elementor-addons-155-authenticated-contributor-stored-cross-site-scripting-via-slider-widget</loc>
<lastmod>2025-12-11T14:24:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-masta/mail-masta-10-sql-injection-via-member_id-parameter</loc>
<lastmod>2017-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pdf/dk-pdf-196-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/accept-donations-with-paypal-130-cross-site-request-forgery-to-post-deletion</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/wp-foodbakery-48-authentication-bypass-in-foodbakery_parse_request</loc>
<lastmod>2025-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-core-features/designthemes-core-features-23-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-smart-slider3-pro/smart-slider-3-pro-35135-backdoor-embedded-via-supply-chain-compromise</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wsms-formerly-wp-sms-sms-mms-notifications-with-otp-and-2fa-for-woocommerce-721-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-for-youtube/video-playlist-for-youtube-61-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-contact-form-survey-quiz-custom-form-builder-for-elementor-410-unauthenticated-form-submission-exposure-via-forgeable-cookie-value</loc>
<lastmod>2026-01-23T19:35:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cookandmeal/cookmeal-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-834-authenticated-custom-path-traversal</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-profile-shortcodes-extra/bp-profile-shortcodes-extra-260-authenticated-contributor-sql-injection-via-tab-parameter</loc>
<lastmod>2024-12-02T19:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wesecur-security/wesecur-security-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/institutions-directory/institutions-directory-134-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-dashboard-511-cross-site-request-forgery</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5194-unauthenticated-authentication-bypass-via-load_step-function</loc>
<lastmod>2025-09-29T16:24:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-23517-missing-authentication-to-sensitive-information-exposure</loc>
<lastmod>2024-11-15T20:57:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokstories/rokstories-125-arbitrary-file-upload</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thank-me-later/thank-me-later-334-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-side-data-storage-for-contact-form-7/admin-side-data-storage-for-contact-form-7-111-missing-authorization-to-unauthenticated-bookmark-status-alteration</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-242-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-183-missing-authorization</loc>
<lastmod>2016-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-column-widgets/responsive-column-widgets-127-reflected-cross-site-scripting-via-tab</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copysafe-web/copysafe-web-protection-51-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-322-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uicore-elements/uicore-elements-free-elementor-widgets-and-templates-1016-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-import-menus/export-import-menus-180-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date/order-delivery-date-for-wp-e-commerce-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wikilookup/wikilookup-115-authenticated-administrator-stored-cross-site-scripting-via-popup-width-setting</loc>
<lastmod>2026-03-20T15:14:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jcarousel-for-wordpress/jcarousel-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-spam/zero-spam-544-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxypress/foxypress-0426-arbitrary-file-upload</loc>
<lastmod>2012-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-custom-sidebar/wordpress-custom-sidebar-23-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phoenix-media-rename/phoenix-media-rename-342-author-arbitrary-media-file-renaming</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/current-menu-item-for-custom-post-types/current-menu-item-for-custom-post-types-15-cross-site-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dyslexiefont/dyslexiefont-free-100-cross-site-request-forgery</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dicom-support/dicom-support-0106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-41517-cross-site-scripting</loc>
<lastmod>2016-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-files/private-files-040-cross-site-request-forgery-to-disable-protection</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-slide/content-slide-142-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/martins-free-and-easy-ad-network-get-more-visitors/martins-free-monetized-ad-exchange-network-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-gravity-forms-custom-validation/bsk-forms-validation-17-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elements-hider/easy-elements-hider-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-from-files/gallery-from-files-160-reflected-cross-site-scripting</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/easycart-205-sensitive-information-disclosure</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ppv-live-webcams/paid-videochat-turnkey-site-html5-ppv-live-webcams-7323-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagbank-connect/pagbank-pagseguro-connect-para-woocommerce-4443-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-09-09T18:11:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addons/woocommerce-product-add-ons-613-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edumall/edumall-445-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-2109-authenticated-subscriber-insecure-direct-object-reference-to-disable-google-authenticator</loc>
<lastmod>2026-01-15T15:58:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mihdan-no-external-links/mihdan-no-external-links-474-cross-site-scripting</loc>
<lastmod>2022-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-4861-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-button/call-now-button-153-missing-authorization-to-authenticated-subscriber-limited-plugin-settings-update</loc>
<lastmod>2025-10-28T23:59:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-2850-authenticated-subscriber-stored-cross-site-scripting-via-bp_nouveau_ajax_media_save-function</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-addons-for-elementor/skt-addons-for-elementor-18-authenticated-contributor-stored-cross-site-scripting-via-countdown-block</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker/leaflet-maps-marker-3129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digiseller/digiseller-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T20:02:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-410-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-merchant/audio-merchant-504-cross-site-request-forgery-to-settings-modifcation-and-stored-cross-site-scripting</loc>
<lastmod>2023-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zingiri-forum/forums-144-directory-traversal</loc>
<lastmod>2013-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/background-animation-blocks/background-animation-blocks-215-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exact-links/url-shortener-307-missing-authorization</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ean-for-woocommerce/ean-for-woocommerce-492-authenticated-contributor-stored-cross-site-scripting-via-alg_wc_ean_product_meta-shortcode</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-bookmarking-reloaded/social-bookmarking-reloaded-318-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/group-category-creator/group-category-creator-1303-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sendfox/wp-sendfox-130-missing-authorization</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-masquerade/wp-masquerade-110-authenticated-subscriber-account-takeover</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search/better-search-310-cross-site-request-forgery</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backgrounds-lite/wp-backgrounds-lite-23-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-list-featured-image/post-list-featured-image-059-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/member-approval/member-approval-131109-cross-site-scripting</loc>
<lastmod>2014-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searcher-elementor/searcher-for-elementor-103-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/text-toggle/text-toggle-11-authenticated-contributor-stored-cross-site-scripting-via-title-shortcode-attribute</loc>
<lastmod>2026-03-20T15:07:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dideo/dideo-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:22:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-payment-gateway-for-piraeus-bank/piraeus-bank-woocommerce-payment-gateway-314-missing-authorization-to-unauthenticated-arbitrary-order-status-change</loc>
<lastmod>2026-01-06T20:29:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingkong-board/kingkong-board-2102-missing-authorization</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-restaurant-menu-online-food-ordering-table-booking-system-3014-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pagebuilder/wp-page-builder-126-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-elementor-addon/post-grid-elementor-addon-2016-authenticated-contributor-stored-cross-site-scripting-via-title_tag</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evergreen-content-poster/evergreen-content-poster-14-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hermit/hermit-316-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-04-28T12:49:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxgooglemap/cbx-map-for-google-map-openstreetmap-1112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-1530-missing-authorization-to-authenticated-subscriber-scheduled-form-submission-export-via-forminator_export_entries-action-on-wp_loaded-hook</loc>
<lastmod>2026-05-06T14:41:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4167-reflected-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3625-missing-authorization-to-form-submission-export</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-slider-ssp/wp-slider-plugin-145-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-04T12:51:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vireo/vireo-1024-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/additional-product-fields-for-woocommerce/extra-product-options-builder-for-woocommerce-12104-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rough-chart/rough-chart-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ucat-next-story/ucat-next-story-200-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-gutenberg-blocks-page-builder-for-gutenberg-editor-355-authenticated-contributor-stored-cross-site-scripting-via-gutentor-block-html</loc>
<lastmod>2026-04-22T13:44:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-291-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wr-age-verification/wr-age-verification-200-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-for-wordpress-85-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edit-comments/edit-comments-03-unauthenticated-sql-injection</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-thumbnailer/auto-thumbnailer-10-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-12-04T17:20:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-1817-missing-authorization-via-ajax_license_check</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-addons-and-templates-kit-for-elementor-171058-171059-authenticated-contributor-arbitrary-file-read-via-data-table-widget-csv-file-source</loc>
<lastmod>2026-06-18T16:21:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nearby-locations/nearby-locations-111-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ewww-image-optimizer/ewww-image-optimizer-720-sensitive-information-exposure</loc>
<lastmod>2023-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yournewsapp/blappsta-mobile-app-plugin-your-native-mobile-iphone-app-and-android-app-0888-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evernote-sync/evernote-sync-300-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dark-mode/wp-dark-mode-wordpress-dark-mode-plugin-for-improved-accessibility-dark-theme-night-mode-and-social-sharing-504-missing-authorization</loc>
<lastmod>2024-06-05T15:09:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-287-missing-authorization</loc>
<lastmod>2016-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-role-pricing/woocommerce-role-pricing-355-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-businessdirectory/wp-businessdirectory-401-unauthenticated-arbitrary-file-deletion-via-path-traversal-via-_filename-parameter</loc>
<lastmod>2026-06-30T16:18:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mir-blocks-and-shortcodes/mir-blocks-and-shortcodes-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-23T16:42:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-4927-privilege-escalation</loc>
<lastmod>2018-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/types/toolset-types-1211-cross-site-scripting</loc>
<lastmod>2013-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-352-missing-authorization-checks</loc>
<lastmod>2013-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-manager-for-woocommerce/license-manager-for-woocommerce-3012-authenticated-administrator-sql-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-320-missing-authorization</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-pdf-embedder-pdf-flipbook-viewer-flipbook-image-gallery-11617-missing-authorization-to-unauthenticated-privatedraft-flipbook-data-exposure</loc>
<lastmod>2026-04-14T10:49:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/geo-controller-864-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/crocoblock-jetengine-313-authenticatedauthor-arbitrary-file-upload-to-remote-code-execution</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-42196-unauthenticated-remote-code-execution</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-anti-spam-firewall-by-cleantalk-6432-authorization-bypass-via-reverse-dns-spoofing-to-unauthenticated-arbitrary-plugin-installation</loc>
<lastmod>2024-11-25T17:06:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-export-pdf-tool-for-wordpress-13214-reflected-cross-site-scripting</loc>
<lastmod>2026-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-subscriptions/zoho-billing-41-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-directory/simple-link-directory-735-reflected-cross-site-scripting</loc>
<lastmod>2019-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3018-unauthenticated-cross-site-scripting</loc>
<lastmod>2018-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-courses/premium-courses-elearning-105-sql-injection</loc>
<lastmod>2022-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/immiex/sale-immigration-law-visa-services-support-migration-agent-consulting-158-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearfy/webcraftic-clearfy-wordpress-optimization-plugin-232-cross-site-request-forgery-to-plugin-settings-update-via-setup-wbcr_clearfy</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-612-664-cross-site-scripting</loc>
<lastmod>2018-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ongkoskirim-id/ongkoskirimid-106-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-meta-data-manager/post-meta-data-manager-120-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/back-in-stock-notifier-for-woocommerce/back-in-stock-notifier-for-woocommerce-woocommerce-waitlist-pro-531-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33100-authenticated-subscriber-stored-cross-site-scripting-via-filename-parameter</loc>
<lastmod>2024-08-02T20:41:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-llama/quotes-llama-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/monyxi/monyxi-118-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/case-study/svg-case-study-10-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-15T15:03:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluid-responsive-slideshow/fluid-responsive-slideshow-227-reflected-cross-site-scripting</loc>
<lastmod>2016-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fyrebox-shortcode/fyrebox-quizzes-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finale-woocommerce-sales-countdown-timer-discount/finale-lite-2180-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation-and-activation</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager/wp-job-manager-1261-arbitrary-file-upload</loc>
<lastmod>2016-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-membership/micropayments-fans-paysite-paid-creator-subscriptions-digital-assets-wallet-320-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2025-06-27T19:13:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-334-authenticated-academy-instructor-insecure-direct-object-reference</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-44-missing-authorization-via-save_config</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-image-gallery/wordpress-photo-gallery-image-gallery-204-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-272-missing-authorization-to-authenticated-contributor-limited-file-upload-via-kubio-block-attributes</loc>
<lastmod>2026-04-16T15:06:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rvcfdi-para-woocommerce/rvcfdi-para-woocommerce-818-reflected-cross-site-scripting</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-172-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eexamhall/eexamhall-40-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-472-cross-site-request-forgery-via-ts_reset_tracking_setting</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/campress/campress-135-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-editor/theme-editor-25-authenticated-arbitrary-file-download</loc>
<lastmod>2021-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lella/lella-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/resurs/resurs-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grevo/grevo-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/virtue/virtue-348-authenticated-contributor-stored-cross-site-scripting-via-post-author</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-catalog-feed/product-catalog-feed-by-pixelyoursite-210-reflected-cross-site-scripting-via-edit</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cww-companion/cww-companion-127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultraaddons-elementor-lite/ultraaddons-elementor-lite-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-email-add-on/contact-form-7-email-add-on-19-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-and-salon-booking-system-pro-762-sensitive-information-disclosure</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-power-bi-reports/powerbi-embed-reports-120-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-10-17T19:06:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-168-authenticated-contributor-sql-injection-via-post_id</loc>
<lastmod>2023-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1454-unauthenticated-stored-cross-site-scripting-via-user-agent-header</loc>
<lastmod>2025-09-26T16:25:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-addons-140-widgets-for-elementor-1420-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-03T19:27:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blaze-demo-importer/blaze-demo-importer-100-1013-missing-authorization-to-authenticated-subscriber-database-reset-and-file-deletion</loc>
<lastmod>2025-12-11T15:12:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-72-arbitrary-usermeta-update-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-806-unauthenticated-sql-injection</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snow-monkey-blocks/snow-monkey-blocks-24111-authenticated-contributor-stored-cross-site-scripting-via-data-slick-attribute</loc>
<lastmod>2026-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-469-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-2220-missing-authorization</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicewp/wordpress-affiliates-plugin-slicewp-affiliates-1045-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-1712-missing-authorization</loc>
<lastmod>2017-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-audio-player/html5-audio-player-2223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barclaycart/barclaycart-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/psw-login-and-registration/psw-front-end-login-registration-112-authentication-bypass</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.7/wordpress-core-28-sensitive-information-disclosure</loc>
<lastmod>2009-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-elementor-buttons/global-elementor-buttons-110-authenticatedcontributor-stored-cross-site-scripting-via-button-link</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recurring-donation/recurring-paypal-donations-18-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-anchors-links/wp-simple-anchors-links-100-authenticated-contributor-stored-cross-site-scripting-via-wpanchor-shortcode</loc>
<lastmod>2024-10-30T18:08:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-310-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-167-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cloudy/wp-cloudy-449-authenticated-admin-sql-injection</loc>
<lastmod>2021-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zass/zass-woocommerce-theme-for-handmade-artists-and-artisans-39910-missing-authorization-to-authenticated-subscriber-demo-import</loc>
<lastmod>2025-03-04T21:11:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-352-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddybadges/buddybadges-100-authenticated-administrator-sql-injection</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-adman/new-adman-168-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likecoin/web3press-320-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-513-authenticated-author-stored-cross-site-scripting-via-loading-label-setting</loc>
<lastmod>2026-04-07T21:02:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3528-missing-authorization-to-authenticated-susbcriber-ticket-deletion</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-voucher/gift-vouchers-440-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-1252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weglot/translate-wordpress-and-go-multilingual-weglot-425-authenticated-contributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-9320-authenticated-student-arbitrary-file-upload</loc>
<lastmod>2025-08-15T14:56:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gozen-forms/gozen-forms-115-unauthenticated-sql-injection-via-dirgzactiveform</loc>
<lastmod>2025-07-03T12:18:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-29102-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-switcher/post-type-switcher-400-insecure-direct-object-reference-to-authenticated-author-post-type-change</loc>
<lastmod>2025-11-17T18:38:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-489-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-smtp-mailer/caldera-smtp-mailer-101-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-335-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightbox-gallery/lightbox-gallery-094-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-6071-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accept-authorize-net-payments-using-contact-form-7/accept-authorizenet-payments-using-contact-form-7-22-unauthenticated-information-exposure</loc>
<lastmod>2024-12-17T14:56:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-id/eid-easy-493-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-09-10T18:55:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-viewer-block/gutenberg-pdf-viewer-block-10-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ngg-smart-image-search/ngg-smart-image-search-341-unauthenticated-sql-injection</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticket/wp-ticket-customer-service-software-support-ticket-system-602-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-208-import-any-xml-csv-or-excel-file-to-wordpress-380-use-of-vulnerable-component-phpexcel</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-product-reviews/easy-digital-downloads-product-reviews-138-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/continuous-announcement-scroller/continuous-announcement-scroller-130-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-load-more/easy-load-more-103-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T19:13:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azan/azan-plugin-06-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-489-unauthenticated-sensitive-information-exposure-via-qcld_wb_chatbot_check_user</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/togo/togo-104-missing-authorization</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wavr/wavr-026-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-07T17:37:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-6427-cross-site-request-forgery</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostinger/hostinger-197-missing-authorization-to-maintenance-mode-activation</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-152-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-ecommerce-shopping-cart-61022-insufficient-access-control-on-multiple-ajax-actions</loc>
<lastmod>2022-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-198-sql-injection</loc>
<lastmod>2011-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-3562-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-multi-currency/woocommerce-multi-currency-2117-missing-authorization</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-business-developer-and-agency-multiple-versions-missing-authorization-to-google-sheets-integration-credentials-modification-and-stored-cross-site-scripting</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-2310-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uipress-lite/uipress-lite-3508-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-11-20T19:18:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themes4wp-youtube-external-subtitles/themes4wp-youtube-external-subtitles-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-survey-versus-poll-image-poll-video-poll-255-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/double-opt-in-for-download/double-opt-in-for-download-209-sql-injection</loc>
<lastmod>2016-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-clock/time-clock-123-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rezgo/rezgo-online-booking-417-reflected-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5015-sql-injection</loc>
<lastmod>2022-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-331-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traderunner/trade-runner-39-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailkit/emailkit-163-authenticated-administrator-path-traversal-via-emailkit-editor-template-rest-api-parameter</loc>
<lastmod>2026-03-20T11:00:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowband-mobile-app-builder-for-woocommerce/knowband-mobile-app-builder-208-missing-authorization-to-unauthenticated-arbitrary-user-deletion</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplemodal-contact-form-smcf/simplemodal-contact-form-smcf-129-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnify-widget/omnify-203-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess-redirect/htaccess-redirect-031-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unitechpay-paiements-mobile-money/unitechpay-102-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-chat-button-kommo-integration/website-chat-button-kommo-integration-131-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/responsive-contact-form-builder-lead-generation-plugin-189-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-backup-migration-09116-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-07-03T00:35:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/verbosa/verbosa-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallagher-website-design/gallagher-website-design-264-authenticated-contributor-stored-cross-site-scripting-via-prefix-shortcode-attribute</loc>
<lastmod>2026-04-21T20:36:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adaptive-images/adaptive-images-for-wordpress-0666-arbitrary-file-deletion</loc>
<lastmod>2019-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-importer/woocommerce-product-importer-152-reflected-cross-site-scripting</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/len-slider/len-slider-2011-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/appointment-booking-and-scheduling-calendar-plugin-wp-timetics-1036-missing-authorization-to-unauthenticated-booking-details-view-and-modification</loc>
<lastmod>2026-01-05T20:15:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-2012-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uipress-lite/uipress-lite-3406-authenticated-administrator-sql-injection</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-projects-document-manager-2595-sql-injection</loc>
<lastmod>2016-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-715-authenticated-contributor-stored-cross-site-scripting-via-su_members-shortcode</loc>
<lastmod>2024-05-20T20:36:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-5916-authenticated-administrator-sql-injection-via-workflow_ids-parameter</loc>
<lastmod>2026-03-03T12:24:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-minimal/the-minimal-129-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latex/latex-3410-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/showtime-slideshow/showtime-slideshow-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-12-modules-all-in-one-solution-formerly-woolentor-284-authenticated-contributor-stored-cross-site-scripting-via-qr-code-widget</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fcchat/fcchat-widget-22137-arbitrary-file-upload</loc>
<lastmod>2012-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mfplugin/mfplugin-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-264-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-6421-unauthenticated-sql-injection-via-payment-parameter</loc>
<lastmod>2026-02-17T16:02:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-205-unauthenticated-php-object-injection-via-propertyhive_currency</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-document-embedder/google-doc-embedder-26-cross-site-scripting</loc>
<lastmod>2016-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelpayouts/travelpayouts-121-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-446-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/materialis-companion/materialis-companion-1339-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-coming-soon-maintenance-countdown-clock-278-missing-authorization-to-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/images-optimize-and-upload-cf7/images-optimize-and-upload-cf7-214-missing-authorization-to-arbitrary-file-deletion</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-328-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-3317-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-for-wordpress-by-funnelkit-customize-woocommerce-checkout-pages-create-sales-funnels-order-bumps-one-click-upsells-346-missing-authorization-to-authenticated-contributor-settings-update</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-box/login-box-204-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link/pretty-links-link-management-branding-tracking-sharing-plugin-167-sql-injection</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbulky-wp-bulk-edit-post-types/wpbulky-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-woocommerce/products-order-customers-export-for-woocommerce-2011-reflected-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secupress/secupress-free-239-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2025-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ngg-smart-image-search/ngg-smart-image-search-321-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inactive-logout/inactive-logout-322-cross-site-request-forgery</loc>
<lastmod>2023-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblibrarian/weblibrarian-3486-cross-site-scripting</loc>
<lastmod>2017-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-394-reflected-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projectopia-core/projectopia-517-missing-authorization-to-privilege-escalation-via-pto_reset_password</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.6/wordpress-core-361-deserialization</loc>
<lastmod>2013-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-svg/support-svg-upload-svg-files-in-wordpress-without-hassle-110-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-25T20:18:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-ad-manager-adsense-ads-52-authenticated-sql-injection</loc>
<lastmod>2019-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lione/lione-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-284-forced-password-reset</loc>
<lastmod>2009-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tpg-redirect/tpg-redirect-107-cross-site-request-forgery</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discord-invite/wp-discord-invite-251-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-analytics/wise-analytics-119-missing-authorization-to-unauthenticated-arbitrary-analytics-database-disclosure-via-name-parameter</loc>
<lastmod>2026-01-23T19:19:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-donation/skt-donation-charity-and-fundraising-plugin-19-reflected-cross-site-scripting</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-rocket/social-rocket-social-sharing-plugin-1342-authenticated-subscriber-stored-cross-site-scripting-via-id</loc>
<lastmod>2026-04-22T12:47:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-293-cross-site-request-forgery</loc>
<lastmod>2020-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alchemists/alchemists-460-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-350-information-exposure</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-gutenberg-based-page-builder-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-2174-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-01-24T19:37:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-bootstrap/shortcodes-bootstrap-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:20:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-icon/category-icon-101-authenticated-author-xml-external-entity-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brikk/brikk-300-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prismatic/prismatic-27-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediavine-control-panel/mediavine-control-panel-2104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-as-shortcode/if-as-shortcode-12-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-theme/duplicate-theme-016-cross-site-request-forgery-via-themeduplicationaction</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aba-payway-woocommerce-payment-gateway/aba-payway-payment-gateway-for-woocommerce-214-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kiddo/kiddo-theme-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard-for-wp/exactmetrics-7120-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-711-missing-authorization-to-authenticated-subscriber-order-information-disclosure</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-660-missing-authorization</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-621-cross-site-scripting</loc>
<lastmod>2019-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/woof-products-filter-for-woocommerce-1262-reflected-cross-site-scripting</loc>
<lastmod>2021-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-pricing-tables-vc-extension/simple-pricing-tables-for-wpbakery-page-builderformerly-visual-composer-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:47:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-1522-login-page-disclosure-via-referer-header</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-651-missing-authorization</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-contact-form/quick-contact-form-61-cross-site-scripting</loc>
<lastmod>2013-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockart-blocks/blockart-blocks-gutenberg-blocks-page-builder-blocks-wordpress-block-plugin-sections-template-library-2214-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-27T21:31:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wp-1211-unauthenticated-information-disclosure-via-unprotected-directories</loc>
<lastmod>2024-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postie/postie-1940-cross-site-scripting</loc>
<lastmod>2020-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graph-lite/wordpress-graphs-charts-208-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery-via-ajax_deactivate</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-responsive/tabs-responsive-227-editor-stored-cross-site-scripting</loc>
<lastmod>2022-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appsero-helper/appsero-helper-134-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pipdisqus/pipdisqus-16-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ethereumico/ethereumico-246-authenticated-contributor-stored-cross-site-scripting-via-ethereum-ico-shortcode</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yuki/yuki-1313-missing-authorization-to-authenticated-subscriber-theme-setting-reset</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-412-missing-authorization-to-unauthenticated-privilege-escalation-via-setup-wizard</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/opstore/opstore-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-362-authenticated-administrator-arbitrary-file-deletion-via-path-traversal</loc>
<lastmod>2025-11-07T15:07:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-auto-update/companion-auto-update-335-authenticated-admin-sql-injection</loc>
<lastmod>2019-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-folder/wp-media-folder-572-missing-authorization-to-authenticatedsubscriber-plugin-settings-change</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-ad-changer/cm-ad-changer-177-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2016-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-snippits/post-snippits-10-cross-site-request-forgery-to-stored-cross-site-scripting-via-settings-update</loc>
<lastmod>2026-03-20T15:15:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-columns/wp-post-columns-22-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggbox-widget/taggbox-33-missing-authorization</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-209-missing-authorization</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azindex/azindex-081-cross-site-request-forgery-to-index-deletion</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-blvd-responsive-google-maps/theme-blvd-responsive-google-maps-102-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-channel/my-youtube-channel-30121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-performance-score-booster/wp-performance-score-booster-20-settings-change-via-cross-site-request-forgery</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ableplayer/able-player-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-10711-sql-injection</loc>
<lastmod>2016-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-footer-credit/remove-footer-credit-1013-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-antispam/antispam-for-contact-form-7-063-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-and-backup-786-authenticated-administrator-arbitrary-php-code-injection</loc>
<lastmod>2024-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-34241-cross-site-request-forgery-leading-to-stored-cross-site-scripting</loc>
<lastmod>2020-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pcrecruiter-extensions/pcrecruiter-extensions-1422-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T13:52:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-category-order/my-category-order-287-sql-injection</loc>
<lastmod>2009-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-no-cache/content-no-cache-014-unauthenticated-arbitrary-function-call</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-11220-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluex-for-woocommerce/plugin-bluex-for-woocommerce-314-missing-authorization</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-point-list/gmap-point-list-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontsampler/fontsampler-0414-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tesseract/wp-tesseract-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dukapress/dukapress-259-blind-sql-injection</loc>
<lastmod>2015-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-832-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-addon-for-beaver-builder/powerpack-lite-for-beaver-builder-1292-reflected-cross-site-scripting</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nacc-wordpress-plugin/nacc-wordpress-plugin-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:08:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookit/bookit-240-price-bypass</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-and-compare/wishlist-and-compare-for-woocommerce-104-authorization-bypass</loc>
<lastmod>2021-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bidorbuystoreintegrator/bidorbuy-store-integrator-2120-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-512-authentication-bypass</loc>
<lastmod>2026-02-25T13:29:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/multiple-plugins-various-versions-authenticated-contributor-stored-dom-based-cross-site-scripting-via-fancybox-javascript-library</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-241-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-access-restriction/simple-page-access-restriction-1021-improper-access-control-to-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-19117-captcha-bypass</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keyword-strategy-internal-links/keyword-strategy-internal-links-20-reflected-cross-site-scripting</loc>
<lastmod>2014-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiceforms-form-builder/spiceforms-form-builder-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-01-13T16:49:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-contact-form/ws-contact-form-137-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-42093-reflected-cross-site-scripting</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-variation-swatches-for-woocommerce/variation-swatches-for-woocommerce-211-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/agrofood/agrofood-140-reflected-cross-site-scripting</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/puzzleme/puzzleme-for-wordpress-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protect-page/ppwp-password-protect-pages-195-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ofiz/ofiz-wordpress-business-consulting-theme-20-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-tabs/responsive-tabs-406-authenticated-contributor-content-injection</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-330-authenticated-contributor-stored-cross-site-scripting-via-block-attribute</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-classified-ads-business-directory-plugin-503-authenticated-subscriber-arbitrary-shortcode-execution-via-listing-description</loc>
<lastmod>2025-11-17T09:59:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-snippets/post-snippets-4011-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hummingbird-performance/hummingbird-341-unauthenticated-path-traversal</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/tag-category-and-taxonomy-manager-ai-autotagger-with-openai-3401-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-03T00:30:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-or-logout-menu-item/login-or-logout-menu-item-111-unauthenticated-settings-update</loc>
<lastmod>2019-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trinity-audio/trinity-audio-5200-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-1301-cross-site-scripting</loc>
<lastmod>2019-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/constructor/constructor-165-missing-authorization-to-authenticated-subscriber-theme-clean</loc>
<lastmod>2025-10-02T21:28:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-5103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dts-simple-share/wordpress-simple-share-plugin-053-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pcloud-backup/pcloud-backup-101-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-twitter-feeds/easy-twitter-feed-twitter-feeds-plugin-for-wp-126-authenticated-contributor-post-exposure</loc>
<lastmod>2024-11-21T17:07:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-colorpicker/tinymce-color-picker-11-missing-authorization</loc>
<lastmod>2014-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-291-improper-authorization-to-authenticated-contributor-limited-administrator-actions</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loan-comparison/loan-comparison-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelpayouts/travelpayouts-all-travel-brands-in-one-place-1116-open-redirect</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-834-authenticated-contributor-stored-cross-site-scripting-via-team-members-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-admin-theme/wp-admin-theme-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rumbletalk-chat-a-chat-with-themes/rumbletalk-live-group-chat-619-missing-authorization-via-handlerequest</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/SCv1/scv1-theme-all-known-versions-arbitrary-file-download</loc>
<lastmod>2014-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myd-delivery/myd-delivery-137-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-pro/dokan-pro-3103-unauthenticated-sql-injection</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fg-prestashop-to-woocommerce/fg-prestashop-to-woocommerce-4451-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropshipping-xox/dropshix-4014-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visit-counter/visit-counter-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T16:02:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-46-reflected-cross-site-scripting</loc>
<lastmod>2021-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-crm-newsletters-and-marketing-automation-441-missing-authorization</loc>
<lastmod>2026-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accept-stripe-payments-using-contact-form-7/accept-stripe-payments-using-contact-form-7-31-reflected-cross-site-scripting-via-failure_message</loc>
<lastmod>2025-12-11T14:24:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2128-authenticated-contributor-stored-cross-site-scripting-via-testimonial-block</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allmart-core/allmart-11-unauthenticated-sql-injection</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-63-authenticated-subscriber-arbitrary-plugin-installation-and-activation</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telefication/telefication-180-open-relay-and-server-side-request-forgery</loc>
<lastmod>2021-09-21T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-booked/easy-booked-appointment-booking-and-scheduling-management-system-for-wordpress-245-cross-site-request-forgery</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/customizr/customizr-430-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-250-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/st_newsletter/shiftthis-unspecified-version-sql-injection</loc>
<lastmod>2008-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/makestories-helper/makestories-for-google-web-stories-302-cross-site-request-forgery-via-ms_set_options</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-theme-content/church-content-sermons-events-and-more-26-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duoshuo/-12-reflected-cross-site-scripting</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crelly-slider/crelly-slider-134-arbitrary-file-upload</loc>
<lastmod>2019-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sikshya/learning-management-system-elearning-course-builder-wordpress-lms-plugin-sikshya-lms-0021-reflected-cross-site-scripting</loc>
<lastmod>2025-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-compliant-recaptcha-for-all-forms/anti-spam-spam-protection-recaptcha-for-all-forms-and-gdpr-compliant-411-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatically-hierarchic-categories-in-menu/automatically-hierarchic-categories-in-menu-205-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cricket-score/cricket-live-score-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:59:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ctl-behance-importer-lite/ctl-behance-importer-lite-10-unauthenticated-sql-injection</loc>
<lastmod>2025-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-329-authenticated-subscriber-insecure-direct-object-reference-via-eh_crm_ticket_single_view_client</loc>
<lastmod>2025-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nerd-toolkit/wp-nerd-toolkit-11-unauthenticated-information-exposure</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breezing-forms/breezing-forms-12730-sql-injection</loc>
<lastmod>2015-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-popup/yith-woocommerce-popup-1480-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-253-authenticated-sql-injection</loc>
<lastmod>2017-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-scheduler/backup-scheduler-1513-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-category-template/advanced-category-template-01-cross-site-request-forgery</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-319-arbitrary-deletion-of-content</loc>
<lastmod>2015-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-uploader-for-woocommerce/file-uploader-for-woocommerce-103-unauthenticated-arbitrary-file-upload-via-add-image-data</loc>
<lastmod>2025-12-19T15:04:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whats-new-genarator/whats-new-generator-202-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-accessibility/enable-accessibility-141-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:23:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-and-client-message-after-order-for-woocommerce/admin-and-customer-messages-after-order-for-woocommerce-orderconvo-135-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-top/click-to-top-127-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2020-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thrivedesk/wordpress-helpdesk-live-chat-plugin-powered-by-ai-thrivedesk-206-reflected-cross-site-scripting</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-for-ultimate-member/video-photo-gallery-for-ultimate-member-112-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-woocommerce/products-order-export-for-woocommerce-207-missing-authorization</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flamix-bitrix24-and-contact-forms-7-integrations/flamix-bitrix24-and-contact-form-7-integrations-310-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limit-failed-login-attempts/limit-login-attempts-spam-protection-28-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-reminder/posts-reminder-020-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-lightbox/wp-video-lightbox-1910-authenticated-contributor-stored-cross-site-scripting-via-width-parameter</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-best-help-desk-support-plugin-287-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microsoft-clarity/microsoft-clarity-03-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/roseta/roseta-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-443-unauthenticated-information-exposure</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-widget/rss-feed-widget-299-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-318-unauthenticated-local-file-inclusion-via-hotel_alone_load_more_post</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ach-invoice-app/ach-invoice-app-101-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-media/sell-media-255-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contractor-contact-form-website-to-workflow-tool/contractor-contact-form-website-to-workflow-tool-400-reflected-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-for-wp/analytics-for-wp-151-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-forms/form-contact-form-120-administrator-cross-site-scripting</loc>
<lastmod>2022-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/documentor-lite/documentor-create-product-documentation-153-unauthenticated-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cozystay/cozystay-171-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-736-unauthenticated-sql-injection</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-like-button/wp-like-button-170-missing-authorization-via-crublabfblbajax</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kayon/kayon-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/search-and-go/search-go-directory-wordpress-theme-27-authentication-bypass-to-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5315-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-student-results/easy-student-results-228-reflected-cross-site-scripting</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm-system/wp-crm-system-manage-clients-and-projects-345-missing-authorization-to-authenticated-subscriber-crm-data-exposure-and-task-modification</loc>
<lastmod>2026-01-13T16:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-worldwide-express-edition/ltl-freight-quotes-worldwide-express-edition-521-missing-authorization</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radius-blocks/radius-blocks-212-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cool-tag-cloud/cool-tag-cloud-229-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-320-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-advent/ova-advent-117-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-14T16:42:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wish-list-for-woocommerce/wishlist-for-woocommerce-323-missing-authorization</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-355-authenticated-contributor-stored-cross-site-scripting-via-read_more_text-parameter</loc>
<lastmod>2024-07-01T20:25:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-781-unauthenticated-sql-injection-via-event_count</loc>
<lastmod>2020-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3615-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/0.70/wordpress-core-070-remote-file-inclusion</loc>
<lastmod>2003-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-free-client-galleries-for-photographers-3024-unauthenticated-sensitive-information-exposure-via-invoice</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-image-sizes/simple-image-sizes-232-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-wishlist/wpc-smart-wishlist-for-woocommerce-508-missing-authorization</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-logos/awesome-logos-12-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neosense/neosense-multipurpose-wordpress-theme-wordpress-18-arbitrary-file-upload</loc>
<lastmod>2016-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockspare/blockspare-329-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2973-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-enviopack/woocommerce-enviopack-12-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20160215-reflected-cross-site-scripting</loc>
<lastmod>2016-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-contact-form-plugin-survey-quiz-payment-calculator-form-custom-form-builder-61612-reflected-cross-site-scripting-via-custom-html-form-parameter</loc>
<lastmod>2024-11-22T16:33:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amr-shortcode-any-widget/amr-shortcode-any-widget-40-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automation-web-platform/wawp-3018-unauthenticated-privilege-escalation</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-post-prefix/advance-post-prefix-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googleanalytics/sharethis-dashboard-for-google-analytics-251-reflected-cross-site-scripting-via-ga_action-parameter</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mq-woocommerce-products-price-bulk-edit/woocommerce-products-price-bulk-edit-20-cross-site-scripting-via-show_products_page_limit-parameter</loc>
<lastmod>2019-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.6/wordpress-core-46-authorization-bypass</loc>
<lastmod>2016-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/service-area-postcode-checker/service-area-postcode-checker-208-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avalon23-products-filter-for-woocommerce/avalon23-products-filter-for-woocommerce-116-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-23T16:40:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensly-online-presence/sensly-online-presence-06-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-3104-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedwordpress/feedwordpress-20150514-sql-injection</loc>
<lastmod>2015-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker-pro/leaflet-maps-marker-pro-158-arbitrary-file-upload</loc>
<lastmod>2014-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-703-authenticatedcontributor-stored-cross-site-scripting-via-plugin-shortcodes</loc>
<lastmod>2025-07-09T09:58:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/underconstruction/underconstruction-119-cross-site-request-forgery-to-construction-mode-disabled</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoloblocks/zoloblocks-2311-missing-authorization-to-unauthenticated-popup-enabledisable</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1102-cross-site-request-forgery</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stackable-ultimate-gutenberg-blocks/stackable-page-builder-gutenberg-blocks-31211-authenticatedcontributor-stored-cross-site-scripting-via-posts-block</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2leads/wp2leads-345-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders/folders-pro-302-authenticated-subscriber-stored-cross-site-scripting-via-user-first-name-and-last-name</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instantsearch-for-woocommerce/search-filters-merchandising-for-woocommerce-3067-missing-authorization-to-authenticated-subscriber-plugin-deactivation</loc>
<lastmod>2025-12-05T17:19:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-testing/psychological-tests-quizzes-02119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-04-26T07:49:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-4131-missing-authorization-to-unauthenticated-basic-information-exposure-via-asl_query-in-ajax-search-handler</loc>
<lastmod>2025-08-27T16:25:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweet-wheel/tweet-wheel-02-missing-authorization-checks</loc>
<lastmod>2015-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-3423-reflected-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledgebase/knowledge-base-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zuppler-online-ordering/zuppler-online-ordering-210-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-07-17T16:22:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/titan-labs-security-audit/security-audit-100-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mshop-npay/-337-authenticated-contributor-stored-cross-site-scripting-via-mnp_purchase-shortcode</loc>
<lastmod>2024-11-22T23:17:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-68-arbitrary-file-uploadremote-code-execution</loc>
<lastmod>2020-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-3473-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-css-columns/cm-css-columns-121-authenticated-contributor-stored-cross-site-scripting-via-tag-shortcode-attribute</loc>
<lastmod>2026-01-23T19:27:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontsy/fontsy-186-unauthenticated-sql-injection</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peacefulqode-elementzplus-widgets/pq-addons-creative-elementor-widgets-100-authenticated-contributor-stored-cross-site-scripting-via-widget-attributes</loc>
<lastmod>2026-03-20T15:19:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-feed-reader/multi-feed-reader-224-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prisma/prisma-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-1930-open-redirect</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cdnvote/cdn-vote-042-sql-injection</loc>
<lastmod>2011-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hotel/goodlayers-hotel-314-reflected-cross-site-scripting</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gum-elementor-addon/gum-elementor-addon-135-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maio-the-new-ai-geo-seo-tool/maio-the-new-ai-geo-seo-tool-652-missing-authorization</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/serp-rank/keyword-rank-tracker-107-stored-cross-site-scripting</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wds-multisite-aggregate/wds-multisite-aggregate-100-reflected-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-4344-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integracao-rd-station/rd-station-520-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mgl-instagram-gallery/mgl-instagram-gallery-plugin-unknown-versions-cross-site-scripting</loc>
<lastmod>2017-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jigoshop-exporter/jigoshop-store-exporter-158-reflected-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notifyvisitors-lead-form/notifyvisitors-10-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegant-custom-fonts/elegant-custom-fonts-10-cross-site-request-forgery</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-monster/event-monster-210-unauthenticated-insufficient-verification-of-data-authenticity-to-payment-bypass-via-em_capture_payment-ajax-action</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/leroux/leroux-business-consulting-wordpress-theme-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-automator-plugin-for-no-code-automations-webhooks-custom-integrations-in-wordpress-572-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animate-it/animate-it-235-cross-site-scripting</loc>
<lastmod>2019-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hesabfa-accounting/hesabfa-accounting-224-cross-site-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-address-blocker/lionscripts-ip-blocker-lite-104-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2019-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/target-notifications/target-notifications-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/multiple-plugins-various-versions-authenticated-contributor-stored-dom-based-cross-site-scripting-via-magnific-popups-javascript-library</loc>
<lastmod>2025-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-global-screen-options/wp-global-screen-options-02-cross-site-request-forgery-to-screen-options-update</loc>
<lastmod>2025-11-03T15:18:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-432-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bilingual-linker/bilingual-linker-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:41:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lms-by-lifterlms-4210-reflected-cross-site-scripting</loc>
<lastmod>2021-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6074-missing-authorization-to-unauthenticated-arbitrary-settings-modification</loc>
<lastmod>2026-01-27T19:10:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exhibit-to-wp-gallery/exhibit-to-wp-gallery-002-reflected-cross-site-scripting</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1361-insecure-direct-object-reference-to-unsubscribe</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-152-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-lyte/youtube-lyte-1728-open-redirect</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fx-calculators/forex-calculators-136-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-bunnynet-integration/tutor-lms-bunnynet-integration-100-authenticated-tutor-instructor-stored-cross-site-scripting</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alt-report/alt-report-1120-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-refund-and-exchange-lite/return-refund-and-exchange-for-woocommerce-445-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-02-13T17:19:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-schema-pro/schema-pro-2715-authenticated-contributor-custom-field-access</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-greet/wp-greet-62-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-20T21:24:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fossura-tag-miner/tag-miner-automatic-tag-extraction-115-cross-site-scripting</loc>
<lastmod>2015-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vayu-blocks/vayu-blocks-131-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting-via-containerwidth-parameter</loc>
<lastmod>2025-06-02T20:13:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-source-control-isc/image-source-control-lite-show-image-credits-and-captions-391-authenticated-author-stored-cross-site-scripting-via-image-source-field</loc>
<lastmod>2026-04-20T07:57:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/utech-spinning-earth/utech-spinning-earth-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-pages/legal-pages-138-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bottom-bar/bottom-bar-017-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-05-19T12:04:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3_vertical_web_pricing_tables/css3-vertical-web-pricing-tables-19-reflected-cross-site-scripting</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwl-pro-voting-manager/bwl-pro-voting-manager-149-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blessing/blessing-premium-responsive-wordpress-theme-1321-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-typing-effect/typing-effect-136-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15112-authenticated-contributor-stored-cross-site-scripting-via-email</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-payments-for-woocommerce/conditional-payments-for-woocommerce-231-cross-site-request-forgery</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plerdy-heatmap/website-optimization-plerdy-132-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-2620-missing-authorization-to-unauthenticated-limited-file-upload</loc>
<lastmod>2025-07-28T16:22:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-798-authenticated-author-remote-code-execution</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-478-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sakolawp-lite/school-management-system-sakolawp-108-unauthenticated-privilege-escalation</loc>
<lastmod>2025-01-06T16:21:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gravity-forms-spreadsheets/connector-for-gravity-forms-and-google-sheets-124-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-contact-forms-quiz-survey-newsletter-payment-form-builder-for-wordpress-308-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/solene/solene-34-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-3320-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-options-update-via-wishlistmember_team_accounts_save_settings-ajax-action</loc>
<lastmod>2026-05-22T16:23:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardealer/car-dealer-415-authenticated-admin-content-injection</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-local-rank/true-ranker-229-cross-site-request-forgery-to-unauthorized-true-ranker-disconnection</loc>
<lastmod>2026-03-06T18:49:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/more-from-google/more-from-google-002-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-analytics/10webanalytics-128-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popular-posts/wordpress-popular-posts-551-reflected-cross-site-scripting</loc>
<lastmod>2022-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-382-open-redirect</loc>
<lastmod>2015-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-script-integration/custom-script-integration-21-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce/persian-woocommerce-716-missing-authorization</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-mainwp/compress-for-mainwp-65007-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-v1094-unauthenticated-sql-injection</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-logo-slideshow/responsive-logo-slideshow-12-cross-site-scripting</loc>
<lastmod>2013-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-reviews/ultimate-reviews-2133-php-object-injection</loc>
<lastmod>2020-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/modular/modular-24-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-1522-login-page-disclosure-via-actionconfirmaction</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-adminbar-color/contextual-adminbar-color-02-stored-cross-site-scripting</loc>
<lastmod>2020-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-216-open-redirect</loc>
<lastmod>2020-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16118-unauthenticated-sql-injection-via-append_where_sql-parameter</loc>
<lastmod>2026-05-27T18:30:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3632-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-351-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner/advanced-database-cleaner-301-sql-injection</loc>
<lastmod>2020-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-513-reflected-cross-site-scripting-via-ays_gpg_settings_tab</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-site-importer/easy-site-importer-101-missing-authorization-to-authenticated-subscriber-settings-change</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/macme/macme-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0206-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svgator/svgator-add-animated-svg-easily-124-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alert-box-block/alert-box-block-display-noticealerts-in-the-front-end-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshmail-newsletter/freshmail-for-wordpress-158-sql-injection</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-455-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lobo/lobo-286-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nofollow-all-external-links/no-follow-all-external-links-210-230-backdoor</loc>
<lastmod>2017-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colibri-wp/colibri-wp-1094-cross-site-request-forgery-to-limited-plugin-installation</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-ready/ready-google-maps-115-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-292-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-6402-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qc-simple-link-directory/simple-link-directory-1481-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-ecommerce-shopping-cart-6124-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-adsense-reloaded/quads-ads-manager-for-google-adsense-302-missing-authorization</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-58106-reflected-cross-site-scripting</loc>
<lastmod>2014-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/ecommerce-3151-cross-site-request-forgery-to-coupon-deletion</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/contact-forms-by-cimatti-plugin-198-cross-site-request-forgery</loc>
<lastmod>2025-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tf-numbers-number-counter-animaton/themeflection-numbers-181-authenticatedsubscriber-privilege-escalation-via-tf_numb_save_licenses</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/decorator-woocommerce-email-customizer/decorator-woocommerce-email-customizer-127-cross-site-request-forgery</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-tweets/floating-tweets-101-reflected-cross-site-scripting</loc>
<lastmod>2012-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta-manager/user-meta-manager-349-cross-site-request-forgery</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplr-sync/photo-engine-625-authenticated-author-insecure-direct-object-reference-in-ajax_generate_auth_token</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-shortcodes-creator/shortcodes-blocks-creator-ultimate-220-reflected-cross-site-scripting-via-_wpnonce</loc>
<lastmod>2024-12-06T11:59:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ochahouse/ochahouse-228-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worker/managewp-worker-4931-unauthenticated-stored-cross-site-scripting-via-mwp-key-name-header</loc>
<lastmod>2026-05-13T18:06:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-reviews/rich-reviews-174-stored-cross-site-scripting</loc>
<lastmod>2019-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-landing-page-popupx-marketing-automation-affiliate-marketing-44-cross-site-request-forgery-via-publish_lp</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager-pro/file-manager-pro-839-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limit-login-attempts/wp-limit-login-attempts-201-sql-injection</loc>
<lastmod>2015-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tida-url-screenshot/tida-url-screenshot-101-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/current-age/current-age-plugin-16-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-on-demand-search-and-replace/multiple-plugins-various-versions-reflected-cross-site-scripting-via-cminds_free_guide-shortcode</loc>
<lastmod>2024-11-25T19:30:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsify/smsify-604-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-group-documents/bp-group-documents-121-stored-cross-site-scripting</loc>
<lastmod>2013-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-grid-gallery/grid-gallery-photo-image-grid-gallery-124-stored-cross-site-scripting</loc>
<lastmod>2021-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/project-panorama-lite/panorama-wordpress-project-management-plugin-151-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-favicon/quick-favicon-0228-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recaptcha-for-all/recaptcha-for-all-222-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-classified-ads-wordpress-theme-517-missing-authorization-to-authenticated-subscriber-arbitrary-postattachment-deletion</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sevenhills/sevenhills-162-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-268-authenticated-author-limited-file-upload-to-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/last-viewed-posts/last-viewed-posts-by-wpbeginner-101-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-elementor-addons/better-elementor-addons-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapely-companion/shapely-companion-126-unprotected-ajax-action-to-content-import</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-reflected-cross-site-scripting-via-affiliate-editing</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speedycache/speedycache-113-missing-authorization-to-plugin-options-update</loc>
<lastmod>2023-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tab-my-content/tab-my-content-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-wordpress-posts-bulk-editor-and-manager-professional-1082-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-251-cross-site-request-forgery-to-post-updates</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-50-reflected-cross-site-scripting-via-envato_code</loc>
<lastmod>2024-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-facebook-feed/10web-social-post-feed-128-reflected-cross-site-scripting</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/atlas/atlas-210-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-everything/search-everything-816-sql-injection</loc>
<lastmod>2017-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/javo-spot/javo-spot-300-directory-traversal</loc>
<lastmod>2017-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-2910-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3914-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-21-missing-authorization-to-event-access</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-based-login/ip-based-login-242-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zelist-directory/zelist-051107-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-gig-calendar/mf-gig-calendar-11-reflected-cross-site-scripting</loc>
<lastmod>2021-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-import-export-for-woocommerce/order-export-order-import-for-woocommerce-260-directory-traversal-to-authenticated-administrator-limited-arbitrary-file-read-via-download_file-function</loc>
<lastmod>2025-03-19T22:29:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listdom/listdom-ai-powered-business-directory-with-classifieds-ads-listings-550-unauthenticated-privilege-escalation</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-17013-authenticatedcontributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rdp-wiki-embed/rdp-wiki-embed-1220-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms-members/buddyforms-members-1421-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-256-authenticated-contributor-stored-cross-site-scripting-via-team-and-countdown-widgets</loc>
<lastmod>2025-12-12T19:03:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newpost-catch/newpost-catch-1319-authenticated-contributor-stored-cross-site-scripting-via-npc-shortcode</loc>
<lastmod>2025-02-20T15:03:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-7006-cross-site-scripting</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-1918-cross-site-scripting</loc>
<lastmod>2016-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-slider/carousel-slider-223-cross-site-request-forgery</loc>
<lastmod>2024-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/wp-all-import-pro-497-authenticated-administrator-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-01-18T15:42:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-subscriptions/woocommerce-subscriptions-302-cross-site-request-forgery</loc>
<lastmod>2020-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-paypal-shortcodes/enhanced-paypal-shortcodes-05a-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-to-google-merchant-center/woo-product-feed-for-marketing-channels-190-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-351-cross-site-scripting</loc>
<lastmod>2013-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-315-missing-authorization</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tableau-viz/simple-tableau-viz-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-store-toolkit/store-toolkit-for-woocommerce-157-privilege-escalation</loc>
<lastmod>2016-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-111-authenticated-local-file-inclusion</loc>
<lastmod>2022-05-16T13:55:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-and-registration-51911-missing-authorization-to-ticket-deletion</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awstats-script/awstats-script-03-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alphabetic-pagination/alphabetic-pagination-307-missing-authorization-to-unauthenticated-arbitrary-options-update</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdc-youtube-downloader/mdc-youtube-downloader-300-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chamber-dashboard-business-directory/chamber-dashboard-business-directory-3310-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/responsive/responsive-502-missing-authorization-to-html-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-1823-authenticated-contributor-stored-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-06-06T20:49:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4996-reflected-cross-site-scripting</loc>
<lastmod>2024-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apexchat/apexchat-131-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breakdance/breakdance-172-missing-authorization</loc>
<lastmod>2024-07-31T17:55:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/git-sync/gitsync-110-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-repost/wp-repost-01-missing-authorization</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-550-missing-authorization</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-renamer/media-file-renamer-auto-manual-rename-525-cross-site-request-forgery</loc>
<lastmod>2021-04-08T23:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/delicate/delicate-355-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-09-12T21:31:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-parcel-pro/woocommerce-parcel-pro-1611-cross-site-request-forgery</loc>
<lastmod>2023-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-765-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xl-tab/xltab-accordions-and-tabs-for-elementor-page-builder-14-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authors-list/authors-list-206-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-profitshare/wp-profitshare-149-authenticated-editor-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-field-validation/contact-form-7-custom-validation-113-unauthenticated-sql-injection-via-post</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-fees-for-woocommerce/payment-gateway-based-fees-and-discounts-for-woocommerce-2121-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-on-ajax_move_object</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2440-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-auto-post-thumbnail-417-authenticated-author-server-side-request-forgery</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dor/dr-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-email-assign-templates/bp-email-assign-templates-16-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-portfolio/modal-portfolio-1742-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T20:12:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-video-gallery-with-lightbox/video-carousel-slider-with-lightbox-10-cross-site-request-forgery</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41023-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-cross-site-request-forgery-to-list-deletion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-6810-sensitive-information-exposure-via-logfile</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/passbeemedia-web-push-notifications/passbeemedia-web-push-notification-100-reflected-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/vpsuform-3224-authenticated-contributor-information-exposure</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-notifications/advanced-notifications-127-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc4bp/buddypress-woocommerce-my-account-integration-create-woocommerce-member-pages-3425-cross-site-request-forgery-to-limited-settings-update</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-3332-reflected-cross-site-scripting</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/child-height-predictor/child-height-predictor-by-ostheimer-13-cross-site-request-forgery-to-settings-update-via-plugin-settings-form</loc>
<lastmod>2026-05-19T12:04:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-attachments/download-attachments-131-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/musico/musico-345-reflected-cross-site-scripting</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-slug-translate/simple-slug-translate-272-authenticated-administrator-stored-cross-site-scritping</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-273-unauthenticated-php-object-injection</loc>
<lastmod>2023-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buk-appointments/buk-for-wordpress-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T16:00:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sh-email-alert/sh-email-alert-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-25T14:11:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attendance-manager/attendance-manager-056-stored-cross-site-scripting</loc>
<lastmod>2019-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-helper/media-library-helper-by-codexin-120-cross-site-request-forgery-via-rate_the_plugin_action</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook/real3d-flipbook-28-directory-traversal-via-uploads</loc>
<lastmod>2016-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-student-result/student-result-or-employee-database-179-missing-authorization</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cliplink/cliplink-11-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mpdf/wp-mpdf-371-reflected-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mas-wp-job-manager-company/mas-companies-for-wp-job-manager-1013-reflected-cross-site-scripting</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-path/slider-path-for-elementor-300-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-management/wpchurch-270-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-spreadsheet-fetcher-for-google/wp-simple-spreadsheet-fetcher-for-google-037-cross-site-request-forgery</loc>
<lastmod>2020-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whydonate/whydonate-4015-missing-authorization</loc>
<lastmod>2025-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-410-reflected-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intl-datetime-calendar/intl-datetime-calendar-101-authenticated-contributor-stored-cross-site-scripting-via-date-parameter</loc>
<lastmod>2025-08-15T14:54:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-template/wp-email-template-283-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-ti-woocommerce-wishlist-pro-1401-unauthenticated-sql-injection</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-sudan-payment-gateway/sudan-payment-gateway-for-woocommerce-122-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-bootstrap-slider/twitter-bootstrap-slider-113-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-counter-button/download-counter-button-1867-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-locator/ip-locator-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hr-management/crew-hrm-111-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviews-feed/reviews-feed-add-testimonials-and-customer-reviews-from-google-reviews-yelp-tripadvisor-and-more-112-missing-authorization-to-authenticated-subscriber-limited-settings-update</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-payments-for-woocommerce/mollie-payments-for-woocommerce-811-reflected-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-site-builder-for-elementor/stylepress-for-elementor-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-wordpress-70-cross-site-request-forgery</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-predictive-search/woocommerce-predictive-search-580-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3632-unauthenticated-sql-injection-via-auction_id</loc>
<lastmod>2025-12-04T18:36:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melapress-login-security/melapress-login-security-210-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/coming-soon-page-under-construction-maintenance-mode-by-seedprod-6174-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-content-importer/json-content-importer-156-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-security-90-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-follow-up-emails/woocommerce-follow-up-emails-4950-authenticated-follow-up-emails-manager-sql-injection</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-282-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-my-wordpress/demo-my-wordpress-1091-unauthenticated-privilege-escalation</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome-4-menus/font-awesome-4-menus-470-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2333-cross-site-request-forgery-to-plugin-installation</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluesnap-payment-gateway-for-woocommerce/bluesnap-payment-gateway-for-woocommerce-340-missing-authorization-to-unauthenticated-arbitrary-order-status-manipulation</loc>
<lastmod>2026-02-13T16:19:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-404-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-212-authenticated-contributor-stored-cross-site-scripting-in-multiple-widgets</loc>
<lastmod>2024-06-05T15:27:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-670-cross-site-request-forgery</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alley-elementor-widget/alley-elementor-widget-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hm-cool-author-box-widget/cool-author-box-300-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2046-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T14:17:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/distance-based-shipping-calculator/distance-based-shipping-calculator-2022-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-6514-cross-site-request-forgery-via-action_restore_events</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-edit-user-profiles-in-spreadsheet/bulk-edit-and-create-user-profiles-wp-sheet-editor-1513-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-popups/advanced-popups-111-cross-site-request-forgery-bypass</loc>
<lastmod>2020-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-contact-form/quick-contact-form-826-unauthenticated-open-mail-relay</loc>
<lastmod>2026-01-16T13:59:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-1733-cross-site-request-forgery</loc>
<lastmod>2015-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tooltips/simple-tooltips-214-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ce21-suite/ce21-suite-220-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-541-authenticated-contributor-local-file-inclusion-via-clients-widget</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/useinfluence/useinfluence-108-cross-site-request-forgery</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wisemove/multiple-themes-by-axiomthemes-themerex-and-ancorathemes-1180-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dm-albums/dm-albums-192-remote-file-inclusion</loc>
<lastmod>2009-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hr-manager/wp-hr-manager-the-human-resources-plugin-for-wordpress-310-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-16266-cross-site-request-forgery</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intuitive-custom-post-order/intuitive-custom-post-order-3141-authenticated-admin-sql-injection</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2103-authenticated-administrator-arbitrary-function-call</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-cross-site-request-forgery-via-wpr_update_form_action_meta</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-3013-cross-site-scripting</loc>
<lastmod>2013-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-addons-for-elementor/skt-addons-for-elementor-20-authenticated-contributor-stored-cross-site-scripting-via-age-gate-and-creative-slider-widgets</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-plugin-10-cross-site-scripting</loc>
<lastmod>2017-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-custom-post-order/simple-custom-post-order-257-missing-authorization</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-triggered-animations/animator-3015-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mshop-naver-talktalk/-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ziplist-recipe-plugin/ziplist-recipe-31-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meteor/wp-meteor-website-speed-optimization-addon-3416-unauthenticated-stored-cross-site-scripting-via-comment</loc>
<lastmod>2026-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-274-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attachments-handler/attachments-handler-117-reflected-cross-site-scripting</loc>
<lastmod>2025-12-19T15:06:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wip-incoming-lite/wip-incoming-lite-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:41:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-business-directory-and-classified-ad-listing-3625-missing-authorization</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dextaz-ping/dextaz-ping-065-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onoffice-for-wp-websites/onoffice-for-wp-websites-57-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smilepure/smilepure-185-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-by-supsystic/newsletter-by-supsystic-118-cross-site-request-forgery</loc>
<lastmod>2017-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-bar/top-bar-33-missing-authorization</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-2088-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-feed-statistics/feed-statistics-40-open-redirect</loc>
<lastmod>2014-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects-addon-bulk-uploader/simple-301-redirects-addon-bulk-uploader-124-missing-authentication-on-option-changes</loc>
<lastmod>2019-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/consus/extend-themes-multiple-versions-cross-site-request-forgery</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flynax-bridge/flynax-bridge-220-unauthenticated-arbitrary-user-deletion</loc>
<lastmod>2025-05-01T12:37:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hdforms/hdforms-161-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-6114-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yesno/yesno-chart-1012-authenticated-sql-injection</loc>
<lastmod>2021-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-140-unauthenticated-arbitrary-email-sending</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-extended/advanced-custom-fields-extended-0893-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugins-dashboard/download-plugins-and-themes-from-dashboard-187-cross-site-request-forgery</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1132-authenticated-contributor-dom-based-stored-cross-site-scripting-via-text-separator-and-image-compare-widget</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2622-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-10T22:38:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reuters-direct/reuters-direct-300-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shorten-url/short-url-167-missing-authorization-via-multiple-ajax-functions</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3307-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-xprofile-custom-fields-type/buddypress-xprofile-custom-fields-type-263-arbitrary-file-deletion</loc>
<lastmod>2018-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bns-twitter-follow-button/bns-twitter-follow-button-038-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-2241-privilege-escalation-to-arbitrary-post-modification</loc>
<lastmod>2014-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-content-management/my-content-management-171-cross-site-scripting</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iq-block-country/iq-block-country-1120-reflected-cross-site-scripting</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-202510-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/track-the-click/track-the-click-0311-authenticated-author-sql-injection-via-stats-rest-endpoint</loc>
<lastmod>2023-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtmetrix-for-wordpress/gtmetrix-for-wordpress-045-reflected-cross-site-scripting-via-url</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chillpay-payment-gateway/chillpay-woocommerce-253-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-download-media-counter/easy-download-media-counter-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-edit-menu/wp-edit-menu-150-missing-authorization-to-post-deletion</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sala/sala-113-reflected-cross-site-scripting</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-categories-search-widget/ab-categories-search-widget-025-reflected-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery-premium/foogallery-premium-233-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitterpost/twitter-post-01-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-support-ticket-system-200-arbitrary-file-upload</loc>
<lastmod>2019-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-logpagecontent-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-3290-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-wordpress-currency-switcher-professional-131-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mikiurl-wordpress-eklentisi/mikiurl-wordpress-eklentisi-20-cross-site-scripting</loc>
<lastmod>2014-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-support/fluent-support-157-authenticated-administrator-sql-injection</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6020-cross-site-request-forgery-leading-to-pluginsubscription-deletion</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-amazon-s3/easy-digital-downloads-amazon-s3-213-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-593-cross-site-request-forgery</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-manager/newsletter-manager-151-insecure-deserialization</loc>
<lastmod>2020-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shoppette/easy-digital-downloads-shoppette-theme-105-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-members-only/buddypress-members-only-348-improper-access-control-to-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2024-06-05T15:33:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-page-contact-people/contact-us-page-contact-people-374-authenticated-contributor-stored-cross-site-scripting-via-style-parameter</loc>
<lastmod>2025-06-12T13:07:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketo-forms-and-tracking/marketo-forms-and-tracking-102-cross-site-request-forgery</loc>
<lastmod>2020-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-affiliation/lws-plugins-various-versions-missing-authorization-checks</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tmm_stripe_checkout/thememakers-stripe-checkout-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-823-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-9038-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-ai-seo-tools-to-dominate-seo-rankings-10271-missing-authorization-to-unauthenticated-homepage-settings-modification</loc>
<lastmod>2026-05-28T21:09:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tmm_content_composer/thememakers-visual-content-composer-158-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-plus-for-woocommerce-713-missing-authorization-to-arbitrary-options-disclosure</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymm-search/year-make-model-search-for-woocommerce-1011-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orbisius-child-theme-creator/child-theme-creator-by-orbisius-155-missing-authorization-to-authenticated-subscriber-cloud-snippet-updatedelete</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-blacklist-cloud/ip-blacklist-cloud-500-reflected-cross-site-scripting</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowall/videowall-all-versions-reflected-cross-site-scripting</loc>
<lastmod>2013-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-125-unrestricted-file-upload</loc>
<lastmod>2015-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/droip/droip-252-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-07-24T17:25:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-961-reflected-cross-site-scripting</loc>
<lastmod>2025-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/koko-analytics/koko-analytics-1312-reflected-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-form/advanced-comment-form-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edifice/edifice-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beautiful-and-responsive-cookie-consent/beautiful-cookie-consent-banner-290-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-image-display/easy-image-display-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-rss-import-news-feeds-feed-to-post-and-autoblogging-5010-authenticated-contributor-stored-cross-site-scripting-via-wp-rss-aggregator-shortcode</loc>
<lastmod>2026-01-22T17:08:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-135-denial-of-service</loc>
<lastmod>2021-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/popularfx/popularfx-124-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubotchat/qubotchat-115-unauthenticated-self-based-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bestbooks/bestbooks-263-unauthenticated-sql-injection</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-276-authenticated-contributor-stored-cross-site-scripting-via-animated-text-and-image-comparison-widgets</loc>
<lastmod>2025-02-27T18:56:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-building-plugin/internal-link-building-123-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/easy-accept-payments-4910-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-plus/wc-plus-120-missing-authorization-to-unauthenticated-settings-manipulation</loc>
<lastmod>2025-08-22T15:49:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supersaas-appointment-scheduling/supersaas-online-appointment-scheduling-219-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-simple-privacy-friendly-google-analytics-alternative-14166-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftcontroller/shiftcontroller-employee-shift-scheduling-4966-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1023-reflected-cross-site-scripting</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-google-map/contact-form-7-extension-for-google-map-fields-183-stored-cross-site-scripting</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aicomments/aicomments-141-cross-site-request-forgery</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-widget-for-elementor-page-builder-gutenberg-blocks-form-builder-221-directory-traversal-to-arbitrary-file-move</loc>
<lastmod>2025-07-14T15:58:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixfort-core/pixfort-core-3222-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1304-open-redirection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-price-widget/cryptocurrency-price-widget-123-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invition-print-ship/printeers-print-ship-1170-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-by-azexo/page-builder-by-azexo-127133-missing-authorization-to-post-creation</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-network-tabs/social-network-tabs-social-media-api-key-leakage-171-information-exposure</loc>
<lastmod>2019-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zingiri-web-shop/zingiri-web-shop-240-multiple-vulnerabilities</loc>
<lastmod>2012-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-inline-form-woocommerce-285-authenticated-contributor-stored-cross-site-scripting-via-xoo_el_action-shortcode</loc>
<lastmod>2025-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unlimhost/unlimhost-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-wordpress-currency-switcher-professional-119-missing-authorization-to-custom-drop-down-currency-switcher-creation</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tipsacarrier/tipsacarrier-1505-missing-authorization-to-order-disclosure</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slickquiz/slickquiz-1371-authenticated-sql-injection</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/algenix/algenix-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/wp-jobsearch-267-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-05T19:58:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customizer-export-import/customizer-exportimport-095-authenticated-administrator-php-object-injection</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-checklist/frontend-checklist-232-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-user-capabilities/simple-user-capabilities-10-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-11-03T15:33:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/livemesh-addons-for-wpbakery-page-builder-394-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-plugin-by-blubrry-11125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedocs/wedocs-214-missing-authorization</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-campaigns/zoho-campaigns-207-cross-site-request-forgery-via-zcwc_optin_save</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/u-design-core/udesign-core-4140-reflected-cross-site-scripting</loc>
<lastmod>2025-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-page-order/my-page-order-43-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-builder-forms-addon-for-wordpress-57-information-disclosure</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-302-authenticated-contributor-arbitrary-nonce-generation</loc>
<lastmod>2024-06-19T14:33:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-recipes/zip-recipes-806-reflected-cross-site-scripting-via-s-parameter</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-484-open-redirect</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-coach/gs-coaches-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ssl-wireless-sms-notification/ssl-wireless-sms-notification-360-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vod-infomaniak/vod-infomaniak-156-reflected-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripetto/tripetto-809-cross-site-request-forgery-to-arbitrary-results-deletion</loc>
<lastmod>2025-03-14T22:58:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invisible-optin/invisible-optin-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-altcoin-payment-gateway/bitcoin-altcoin-payment-gateway-for-woocommerce-176-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-blocking-detector/ad-blocking-detector-360-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-notifications-widget/buddypress-notification-widget-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopwords-for-comments/stopwords-for-comments-11-missing-authorization-to-cross-site-request-forgery</loc>
<lastmod>2026-01-13T17:31:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miraculouscore/miraculous-core-207-unauthenticated-privilege-escalation</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/folo/folo-unknown-versions-cross-site-scripting</loc>
<lastmod>2013-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-press-optimizer-lite/ab-press-optimizer-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T16:06:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-responsive-multi-purpose-theme-714-reflected-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-my-ontraport-smartform/theme-my-ontraport-smartform-1211-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/photo-gallery-by-foogallery-responsive-image-gallery-masonry-gallery-carousel-3131-authenticated-contributor-stored-cross-site-scripting-via-custom_attribute_key-shortcode-parameter</loc>
<lastmod>2026-06-12T18:03:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-643-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-add-ons/yith-woocommerce-product-add-ons-4130-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-1101-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-events-calendar-registrations-sell-tickets-with-woocommerce-31371-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3312-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-17T19:29:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apus-framework/apus-framework-24-authenticated-subscriber-arbitrary-options-update-in-import_page_options</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-rocket/event-rocket-33-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-media-links/floating-social-media-links-152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-html-mail/wp-html-mail-340-cross-site-request-forgery-via-send_test</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects/simple-301-redirects-by-betterlinks-207-missing-authorization-via-clicked</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grillandchow/grill-and-chow-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-sharing/social-media-sharing-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-bootstrap-elements-for-elementor/ultimate-bootstrap-elements-for-elementor-149-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-acf-681-unauthenticated-arbitrary-post-modification-via-front-end-form-_post_title-and-_post_content-parameters</loc>
<lastmod>2026-05-30T14:23:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-builder/wc-builder-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fpo/wp-fpo-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waymark/waymark-152-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3323-object-injection</loc>
<lastmod>2021-10-21T16:05:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-wordpress-directory-listing-theme-20145-reflected-cross-site-scripting</loc>
<lastmod>2019-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/wp-lead-plus-x-099-cross-site-request-forgery</loc>
<lastmod>2020-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-popup/jetpopup-20151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-addons-for-elementor/table-addons-for-elementor-212-authenticated-contributor-stored-cross-site-scripting-via-_id-parameter</loc>
<lastmod>2024-06-21T13:07:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-gallery/fw-gallery-800-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contexture-page-security/page-security-membership-1515-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resads/resads-205-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nelson/nelson-120-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whole-cart-enquiry/whole-enquiry-cart-for-woocommerce-121-authenticated-administrator-stored-cross-site-scripting-via-woowhole_success_msg-parameter</loc>
<lastmod>2026-04-07T17:51:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exit-notifier/exit-notifier-1104-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T21:16:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearfy/clearfy-cache-224-missing-authorization</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-179-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-3114-authenticated-contributor-stored-cross-site-scripting-via-lazy-loaded-image-attributes</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emag-marketplace-connector/emag-marketplace-connector-101-reflected-cross-site-scripting</loc>
<lastmod>2017-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitesupercharger/sitesupercharger-5110-unauthenticated-sql-injection</loc>
<lastmod>2022-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus-translate-options/wpglobus-translate-options-220-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T18:07:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-easy-automation-integration-webhooks-workflow-builder-plugin-7312-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-support/svg-support-25-251-insecure-plugin-defaults-to-cross-site-scripting</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-cross-site-request-forgery-via-wp-trackbackphp</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardealer/car-dealer-446-missing-authorization</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy2map/easy2map-124-sql-injection</loc>
<lastmod>2015-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-design-maps-places/wp-design-maps-places-12-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0941-authenticated-arbitrary-file-download</loc>
<lastmod>2016-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slightly-troublesome-permalink/slightly-troublesome-permalink-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2913-cross-site-request-forgery</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-6263-authentication-bypass</loc>
<lastmod>2024-12-11T15:14:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf_payment_status-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drawit/drawit-drawio-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-7711-authenticated-contributor-information-disclosure</loc>
<lastmod>2024-08-28T15:35:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenorganic/greenorganic-245-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-575-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-5006-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/andersonclinic/anderson-142-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ricerca-smart-search/ricerca-advanced-search-1112-authenticated-administrator-stored-cross-site-scripting-via-plugins-settings</loc>
<lastmod>2026-03-20T15:14:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-support-ticket-system/woocommerce-support-ticket-system-177-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1180px-shortcodes/1180px-shortcodes-111-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-attribute</loc>
<lastmod>2026-01-06T20:29:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-1733-blind-sql-injection</loc>
<lastmod>2015-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-4760-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-4100-missing-authorization-to-unauthenticated-forms-campaign-association</loc>
<lastmod>2025-10-03T14:13:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-forms-plugin-for-wordpress-918-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-30T12:12:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-mainwp/wp-compress-for-mainwp-63032-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remote-upload/wp-remote-upload-121-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2016-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-410-missing-authorization</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/disconnected/disconnected-130-reflected-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-logging/wp-mail-logging-1112-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-760-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-lyte/wp-youtube-lyte-1729-authenticated-contributor-stored-cross-site-scripting-via-lyte-shortcode</loc>
<lastmod>2026-04-15T12:25:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/use-your-drive/use-your-drive-google-drive-plugin-for-wordpress-331-unauthenticated-stored-cross-site-scripting-via-file-metadata</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-542-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/play-ht/playht-make-your-blog-posts-accessible-with-text-to-speech-audio-364-cross-site-request-forgery</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-111-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/applicantpro/isolved-talent-acquisition-139-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-website-builder-pro-3201-authenticated-contributor-stored-cross-site-scripting-via-post-navigation</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-4210-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0935-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2020-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41052-authenticated-contributor-stored-cross-site-scripting-via-media-grid-widget</loc>
<lastmod>2024-09-26T18:10:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-3100-reflected-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/blubrry-powerpress-111515-authenticated-contributor-stored-cross-site-scripting-via-powerpress-and-podcast-shortcodes</loc>
<lastmod>2026-04-07T13:33:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prodigy-commerce/prodigy-commerce-330-unauthenticated-local-file-inclusion-via-parameterstemplate_name</loc>
<lastmod>2026-02-18T15:52:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-and-history-slider/timeline-and-history-slider-23-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-121-missing-authorization-checks-leading-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-scrollbar/advanced-scrollbar-118-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bybrick-accordion/bybrick-accordion-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ppv-live-webcams/paid-videochat-turnkey-site-7311-authentication-bypass</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-247-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-horizontal-vertical-and-accordion-tabs/wp-responsive-tabs-horizontal-vertical-and-accordion-tabs-1115-reflected-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snsnitan/nitan-29-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-showcase/logo-showcase-304-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-sell-with-paypal-and-stripe-2702-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-10-03T14:48:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-thumbs/post-thumbs-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vmax-project-manager/vmax-project-manager-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-security-aios-security-and-firewall-508-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activity-reactions-for-buddypress/activity-reactions-for-buddypress-1022-missing-authorization</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adl-post-slider/post-slider-167-missing-authorization</loc>
<lastmod>2022-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libreform/wp-libre-form-2-208-sensitive-information-disclosure</loc>
<lastmod>2022-07-22T13:07:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-missing-authorization-in-migratecommontoproductonly-function</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dbmanager/wp-dbmanager-272-os-command-injection</loc>
<lastmod>2014-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-576-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rccp-free/ringcentral-communications-161-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-optimizer/wp-database-optimizer-1213-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-window/modal-window-615-authenticated-contributor-stored-cross-site-scripting-via-iframebox-shortcode</loc>
<lastmod>2025-02-19T19:43:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-service-payment-form-with-authorizenet/wp-service-payment-form-with-authorizenet-260-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fox-lms/fox-lms-wordpress-lms-plugin-1047-1051-unauthenticated-privilege-escalation-via-createorder</loc>
<lastmod>2025-12-15T02:23:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-newsletters/newspack-newsletters-3130-open-redirect</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dnui-delete-not-used-image-wordpress/dnui-281-cross-site-request-forgery-leading-to-unused-image-deletion-and-database-image-access</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/typer-core/typer-core-196-authenticated-contributor-post-disclosure</loc>
<lastmod>2025-01-30T00:43:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tweet/simple-tweet-1402-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/world-cup-predictor/world-cup-predictor-196-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-map-of-florida/interactive-regional-map-of-florida-10-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tantum/tantum-1113-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-404-pages-redirect-to-homepage/all-404-pages-redirect-to-homepage-19-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailoptin/mailoptin-12750-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-shipping-labels-for-woocommerce/local-shipping-labels-for-woocommerce-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ider-login/ider-login-for-wordpress-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T16:01:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-seo-meta-tags/category-seo-meta-tags-25-cross-site-request-forgery-via-csmt_admin_options</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-lite-453-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-4510-missing-authorization-to-settings-change</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-651-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-130-authenticated-admin-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-05-29T15:53:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-10010-unauthenticated-sensitive-information-disclosure-via-datatables-ajax-fallback</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-selectall-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-inventory-management/scanventory-113-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-crm/fluentcrm-marketing-automation-for-wordpress-2801-insufficient-use-of-hash-as-authorization-control</loc>
<lastmod>2023-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-content/privatecontent-843-protection-mechanism-bypass</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projectopia-core/projectopia-8211-wordpress-project-management-5116-missing-authorization-to-authenticated-subscriber-arbitrary-option-deletion</loc>
<lastmod>2025-04-30T15:45:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpematico/wpematico-rss-feed-fetcher-2812-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-search/wordpress-wp-advanced-search-339-unauthenticated-sql-injection</loc>
<lastmod>2024-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/calafate/calafate-177-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rio-video-gallery/rio-video-gallery-236-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-gig-calendar/mf-gig-calendar-121-cross-site-request-forgery-to-event-deletion</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-post-and-buddypress/push-notification-for-post-and-buddypress-207-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T19:02:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1749-authenticated-subscriber-authorization-bypass-to-privilege-escalation</loc>
<lastmod>2024-09-14T00:06:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesmanago/salesmanago-324-log-injection-via-weak-authentication-token</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-vendors/wc-vendors-marketplace-244-authenticated-contributor-stored-cross-sites-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-287-ip-address-spoofing</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-widget/maps-widget-for-google-maps-424-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-shortcodes/extra-shortcodes-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/key4ce-osticket-bridge/key4ce-osticket-bridge-140-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shabbos-and-yom-tov/shabbos-and-yom-tov-19-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-church-donation/wp-church-donation-17-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T19:33:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yarpp-yet-another-related-posts-plugin-5302-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multimanager-wp/multimanager-wp-manage-all-your-wordpress-sites-easily-105-authentication-bypass-via-user-impersonation</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/p3-profiler/p3-plugin-performance-profiler-1539-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-301-cross-site-request-forgery-to-customer-deletion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qc-simple-link-directory/simple-link-directory-pro-1481-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrative-shortcodes/administrative-shortcodes-034-authenticated-contributor-stored-cross-site-scripting-via-login-and-logout-shortcode-attributes</loc>
<lastmod>2026-01-23T19:21:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sender/sender-by-bestwebsoft-120-reflected-cross-site-scripting</loc>
<lastmod>2019-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restricted-content/restrict-membership-site-content-and-user-access-restrictions-for-wordpress-228-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-hidecollapse-expand/show-hide-collapse-expand-126-missing-authorization</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-152-path-traversal-to-authenticated-subscriber-arbitrary-file-read-via-fileid-parameter</loc>
<lastmod>2025-02-14T23:52:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-511-insecure-password-reset-mechanism</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webhooks/wp-webhooks-335-unauthenticated-arbitrary-file-copy</loc>
<lastmod>2025-08-20T19:26:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coinpayments-payment-gateway-for-woocommerce/coinpaymentsnet-payment-gateway-for-woocommerce-1017-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/0mk-shortener/0mk-shortener-02-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newscard/newscard-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-gravity-forms/gravity-forms-google-sheet-connector-134-cross-site-request-forgery-via-verify_code_integation_new</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-task-team-and-project-management-plugin-featuring-kanban-board-and-gantt-charts-2613-insecure-direct-object-reference-to-unauthenticated-authorization-bypass</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prodigy-commerce/prodigy-commerce-312-missing-authorization</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-480-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-7310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-force/crypto-and-defi-widgets-web3-cryptocurrency-shortcodes-116-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:48:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-menu-lite/ht-menu-121-cross-site-request-forgery-via-plugin_activation</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/wp-all-import-346-cross-site-scripting</loc>
<lastmod>2018-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1091-authenticated-admin-sql-injection-via-tp_editor</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-742-authenticated-author-stored-cross-site-scripting-via-image-title-and-slide-link</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-made-easy/events-made-easy-1620-stored-cross-site-scripting</loc>
<lastmod>2016-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noakes-menu-manager/nav-menu-manager-325-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmag/newsmag-244-reflected-cross-site-scripting</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robotcpa/robotcpa-5-unauthenticated-local-file-inclusion</loc>
<lastmod>2015-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-price-ticker-widget/cryptocurrency-widgets-price-ticker-coins-list-262-missing-authorization</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-show-core/wpb-show-core-22-unauthenticated-server-side-request-forgery</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/passwords-manager/passwords-manager-148-unauthenticated-sql-injection</loc>
<lastmod>2025-01-15T21:19:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-currency-switcher-professional-for-woocommerce-1421-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-09-13T13:27:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-maps/html5-maps-1656-cross-site-request-forgery</loc>
<lastmod>2019-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activecampaign-subscription-forms/activecampaign-802-cross-site-request-forgery</loc>
<lastmod>2020-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-3612-authenticated-administrator-php-objection-injection</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fountain/wp-fountain-159-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-basic-contact-form/simple-basic-contact-form-20240502-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-image-store/cp-image-store-with-slideshow-1067-unauthenticated-sql-injection</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jet-elements-2721-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-01-20T20:12:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nanosoft/nanosoft-132-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-221-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-tag-manager/image-tag-manager-15-reflected-cross-site-scripting-via-default_class</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/byconsole-woo-order-delivery-time/wooodt-lite-255-unauthenticated-payment-bypass</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wappointment/appointment-bookings-for-zoom-googlemeet-and-more-wappointment-224-stored-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/third-party-cookie-eraser/third-party-cookie-eraser-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-o-matic/print-o-matic-217-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onelogin-saml-sso/onelogin-saml-sso-312-open-redirection</loc>
<lastmod>2021-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stm-megamenu/megamenu-2312-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envato-affiliater/envato-affiliater-124-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-on-demand-search-and-replace/cm-wordpress-search-and-replace-plugin-138-cross-site-request-forgery-to-plugin-setting-reset</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-listing-realtyna-wpl/realtyna-organic-idx-plugin-wpl-real-estate-510-unauthenticated-sql-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2083-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-showhide/wp-showhide-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smm-api/smm-api-6030-missing-authorization</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-74-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-2335-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-03-02T13:14:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-title-for-elementor/accordion-title-for-elementor-121-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dologin/dologin-security-36-ip-address-spoofing</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-420-reflected-cross-site-scripting</loc>
<lastmod>2020-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-invoice/wp-invoice-web-invoice-and-billing-410-privilege-escalation</loc>
<lastmod>2016-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mipl-wc-multisite-sync/mipl-wc-multisite-sync-144-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse-official/email-marketing-for-wordpress-by-getresponse-official-153-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-listings/auto-listings-271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-image-optimizer-all-in-one-61033-unauthenticated-directory-traversal-via-css</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notice-bar/notice-bar-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-jwt-login/simple-jwt-login-321-insecure-password-creation</loc>
<lastmod>2021-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-slider/b-slider-gutenberg-slider-block-for-wp-1130-authenticated-subscriber-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-learning-pro/ultimate-learning-pro-391-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3017-privilege-escalation</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accesspress-social-icons/accesspress-social-icons-182-backdoor</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lindo/lindo-125-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extendons-eo-wooimport-export/woocommerce-csv-import-export-206-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-product-fields-for-woocommerce/advanced-product-fields-product-addons-for-woocommerce-1619-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-825-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-membership/wp-membership-163-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkbot/checkbot-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtouch-quiz/mtouch-quiz-307-sql-injection</loc>
<lastmod>2014-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-subscribe-button/podlove-subscribe-button-1311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-upload-for-bbpress/inline-image-upload-for-bbpress-1119-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-03-28T18:36:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-743-authenticated-subscriber-sensitive-information-disclosure</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvn-username-changer/wpvn-078-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-builder-forms-addon-for-wordpress-52-insecure-direct-object-reference-to-profile-picture-deletion</loc>
<lastmod>2022-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nemesis-all-in-one/nemesis-all-in-one-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/otaku/otaku-180-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/album-and-image-gallery-plus-lightbox/album-and-image-gallery-plus-lightbox-162-cross-site-request-forgery</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-athletics/wp-athletics-117-reflected-cross-site-scripting</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailarchiver/mailarchiver-440-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-03-06T11:56:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-2301-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotelrunner/hotelrunner-booking-widget-524-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:27:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelcockpit/funnelcockpit-143-reflected-cross-site-scripting-via-error-parameter</loc>
<lastmod>2025-07-23T20:46:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rocket-media-library-mime-type/rocket-media-library-mime-type-210-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xavins-list-subpages/xavins-list-subpages-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-06T13:31:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-321-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-admin-bar/wp-hide-admin-bar-20-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0835-multiple-cross-site-request-forgery</loc>
<lastmod>2015-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/options-for-twenty-seventeen/options-for-twenty-seventeen-250-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-best-poll-plugin-for-wordpress-158-reflected-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-vehicle-data-uk/rapid-car-check-vehicle-data-212-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-checkout-field-editor-pro/checkout-field-editor-checkout-manager-for-woocommerce-217-unauthenticated-stored-cross-site-scripting-via-block-checkout-custom-radio-field</loc>
<lastmod>2026-03-10T21:13:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-builder/ht-builder-129-cross-site-request-forgery-via-plugin_activation</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-tabs-for-woocommerce/additional-custom-product-tabs-for-woocommerce-170-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-manager/wp-table-manager-352-missing-authorization</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-to-top/dynamic-to-top-352-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-wp-superbackup/wp-superbackup-233-missing-authorization-to-unauthenticated-back-up-file-download</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-3610-code-injection</loc>
<lastmod>2022-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/property/property-105-106-missing-authorization-to-authenticated-author-privilege-escalation-via-property_package_user_role-metadata-in-paypal-registration</loc>
<lastmod>2025-05-26T21:31:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsivity/responsivity-006-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-engine/document-engine-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-5571-cross-site-scripting</loc>
<lastmod>2015-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-pages-shortcode/display-pages-shortcode-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:28:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3207-authenticated-contributor-stored-cross-site-scripting-via-_elementor_data-meta-field</loc>
<lastmod>2026-02-02T17:49:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsearchwp/chatbot-with-chatgpt-244-unauthenticated-sql-injection</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpulse-email-marketing-newsletter/sendpulse-email-marketing-newsletter-221-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3141-authenticated-contributor-sensitive-information-disclosure-via-block-editor-token</loc>
<lastmod>2026-03-27T18:10:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdevart-vertical-menu/responsive-vertical-icon-menu-158-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mTheme-Unus/mtheme-unus-23-directory-traversal-to-unauthenticated-arbitrary-file-read</loc>
<lastmod>2015-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-swagger/embed-swagger-100-reflected-cross-site-scripting</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/repayment-calculator/loan-calculator-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3132-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-22T13:28:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wp-1244-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/manufaktursolutions/manufaktur-solutions-111-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-security-checker/ultimate-security-checker-42-cross-site-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/studio99-wp-monitor/studio99-wp-monitor-103-missing-authorization</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-infusionsoft/gravity-forms-keapinfusionsoft-123-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/cerber-security-anti-spam-malware-scan-27-stored-cross-site-scripting</loc>
<lastmod>2016-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-plus-for-woocommerce-712-missing-authorization-to-arbitrary-pagepost-deletion</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-author/wp-post-author-enhance-your-posts-with-the-author-bio-co-authors-guest-authors-and-post-rating-system-including-user-registration-form-builder-374-missing-authorization</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventbee-rsvp-widget/eventbee-rsvp-widget-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-290-missing-authorization</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surly/surly-303-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popliup/popliup-wordpress-popup-plugin-111-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vm-menu-reorder/vm-menu-reorder-plugin-100-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-09-26T18:33:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-1053-cross-site-request-forgery</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oppso-unit-converter/oppso-unit-converter-111-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-block/button-block-120-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crossword-compiler-puzzles/crossword-compiler-puzzles-145-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5194-cross-site-request-forgery-to-account-takeover-via-change_password-function</loc>
<lastmod>2025-09-29T16:24:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-gallery-slider/product-gallery-slider-for-woocommerce-228-cross-site-request-forgery</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3299-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membermouse/membermouse-228-blind-sql-injection</loc>
<lastmod>2018-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cordobo-green-park/cordobo-green-park-all-versions-cross-site-scripting</loc>
<lastmod>2007-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rally/rally-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-portfolio-post/themify-portfolio-post-116-reflected-cross-site-scripting</loc>
<lastmod>2022-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookies-alert/wp-cookies-alert-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anyguide/anyroad-132-cross-site-request-forgery</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-jquery-image-gallery/slideshow-228-2221-information-exposure</loc>
<lastmod>2015-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bxslider-wp/bxslider-wp-200-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-07-27T14:26:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-control-manager/advanced-control-manager-for-wordpress-by-italystrap-2160-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learts-addons/learts-addons-175-unauthenticated-sql-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livesupporti/free-live-chat-support-1011-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ask-me/ask-me-681-reflected-cross-site-scripting</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3284-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/roomcloud/roomcloud-13-cross-site-scripting</loc>
<lastmod>2015-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-1192-authenticated-administrator-sql-injection-via-multiple-api-endpoints</loc>
<lastmod>2026-02-13T19:51:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-5915-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yuki/yuki-1314-cross-site-request-forgery-to-theme-setting-reset</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-event-calendar-event-registration-tickets-booking-ai-powered-418-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trusona/trusona-for-wordpress-200-missing-authorization</loc>
<lastmod>2026-01-10T03:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smushit/smush-lazy-load-images-optimize-compress-images-3164-missing-authorization-to-resmush-list-deletion</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cache-control-by-cacholong/cache-control-by-cacholong-541-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinmonster/optinmonster-2121-authenticated-subscriber-sensitive-information-disclosure-via-shortcode</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-bar/admin-bar-remover-1022-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-6883-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-post-docx-source/seraphinite-post-docx-source-2166-cross-site-request-forgery</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analyticator/google-analyticator-655-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revy/revy-21-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asset-clean-up/asset-cleanup-page-speed-booster-1366-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collectchat/chatbot-for-wordpress-239-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images-ape/gallery-images-ape-206-authenticated-plugin-deactivation</loc>
<lastmod>2019-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-267-authenticated-contributor-php-code-injection-via-loop-custom-field</loc>
<lastmod>2024-06-19T13:10:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-371-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post-listing/simple-post-listing-02-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-12-11T14:30:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-content-xmlrpc/post-content-xmlrpc-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sniplets/sniplets-123-remote-code-execution</loc>
<lastmod>2008-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/contact-form-7-widget-for-elementor-page-builder-gutenberg-blocks-115-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/guest-posting-frontend-posting-wordpress-plugin-wp-front-user-submit-front-editor-445-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-leaflet-map/dsgvo-snippet-for-leaflet-map-and-its-extensions-31-authenticated-contributor-stored-cross-site-scripting-via-unset-attribute</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3236-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mahogany/mahogany-29-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-153-unauthenticated-privilege-escalation</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2802-missing-authorization</loc>
<lastmod>2025-11-14T18:27:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-1931-02-07-2025-authenticated-student-arbitrary-file-upload</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-129-authenticated-contributor-stored-cross-site-scripting-via-how-to-and-faq-blocks</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sertifier-certificates-open-badges/sertifier-certificate-badge-maker-for-wordpress-tutor-lms-119-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-08-22T15:51:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpslacksync/wp-slacksync-185-sensitive-information-disclosure</loc>
<lastmod>2019-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardealerpress/cardealerpress-66241002-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-581-unauthenticated-mailchimp-api-key-disclosure</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-survey/perfect-survey-152-reflected-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rewrite/rewrite-021-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-226-insecure-direct-object-reference-to-unauthenticated-arbitrary-resume-download</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ms-lms-starter-theme/masterstudy-lms-starter-118-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-latest-posts/wp-latest-posts-5011-authenticated-author-stored-cross-site-scripting-via-post-content-image-src-attribute</loc>
<lastmod>2026-06-23T16:46:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-url-as-post-featured-image-thumbnail/external-url-as-post-featured-image-202-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defender-security/defender-security-441-ip-address-spoofing</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-2951-multiple-reflected-cross-site-scripting</loc>
<lastmod>2016-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bootstrap-multi-language-responsive-portfolio/multi-language-responsive-portfolio-wordpress-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T16:00:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captivatesync-trade/captivate-sync-2022-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-2020-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmp-coming-soon-maintenance/cmp-coming-soon-maintenance-plugin-by-niteothemes-416-information-exposure</loc>
<lastmod>2023-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-860-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-blocks-pro/vk-blocks-15301-stored-contributor-cross-site-scripting-in-tag-edit</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-288-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cream-magazine/cream-magazine-2110-missing-authorization</loc>
<lastmod>2026-01-11T22:25:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-wordpress-website-builder-1233-unauthenticated-recaptcha-settings-update</loc>
<lastmod>2024-06-17T14:09:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postie/postie-1970-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-widget-after-content/add-widget-after-content-246-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-17T15:47:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starter-templates/starter-templates-by-fancywp-200-cross-site-request-forgery-to-arbitrary-plugin-installation</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tokenico-cryptocurrency-token-launchpad-presale-ico-ido-airdrop/cryptocurrency-token-launchpad-presale-ico-ido-airdrop-by-tokenico-247-missing-authorization-to-authenticated-subscriber-contract-address-update</loc>
<lastmod>2025-11-20T19:19:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-and-blog-designer-bundle/news-and-blog-designer-bundle-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-13T17:23:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/multipurpose/multipurpose-120-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-08-07T13:13:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-map/posts-map-013-authenticated-contributor-stored-cross-site-scripting-via-name-shortcode-attribute</loc>
<lastmod>2026-04-21T19:03:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scrippets/wp-scrippets-151-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5188-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turbosmtp/turbosmtp-46-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-polls-surveys-more-3011-cross-site-request-forgery-via-update_rating</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-post-info/export-post-info-120-authenticated-author-csv-injection</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta-manager/user-meta-manager-348-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2016-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shariff/shariff-wrapper-4620-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2026-05-27T19:48:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-authenticated-insecure-direct-object-reference</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickcease-click-fraud-protection/clickcease-click-fraud-protection-327-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printfriendly/print-pdf-email-by-printfriendly-551-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-block-editor/nexter-blocks-454-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form/easy-form-by-ays-269-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-generator-addon-for-elementor-page-builder/pdf-generator-addon-for-elementor-page-builder-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart-tracking-for-woocommerce/cart-tracking-for-woocommerce-1016-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-locker/onepress-social-locker-425-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-91133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-content-filter/ajax-content-filter-10-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension-45-information-disclosure-via-shortcode</loc>
<lastmod>2024-11-05T09:02:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/puca/puca-2633-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketplace-items/marketplace-items-155-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-01-06T16:31:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2441-authenticatedcontributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search/better-search-134-reflected-cross-site-scripting</loc>
<lastmod>2014-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-countdown-timer/event-countdown-timer-plugin-by-techmix-14-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b2bking-wholesale-for-woocommerce/b2bking-ultimate-woocommerce-b2b-and-wholesale-plugin-wholesale-prices-bulk-order-form-more-5210-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-stories/web-stories-1370-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-list-portfolio-page/timthumb-133-remote-file-download</loc>
<lastmod>2011-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-to-display-post-and-user-data/display-custom-fields-in-the-frontend-post-and-user-profile-fields-121-authenticated-contributor-code-injection</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-mestres-wp/checkout-mestres-wp-7196-unauthenticated-sql-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-notes-widget/wp-notes-widget-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/beauty-premium/beauty-clean-108-cross-site-request-forgery-arbitrary-file-upload</loc>
<lastmod>2016-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ar-contactus/all-in-one-support-button-callback-request-187-stored-cross-site-scripting</loc>
<lastmod>2020-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-351-missing-authorization-to-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-customizable-contact-forms-survey-quiz-conversational-form-builder-5212-ip-spoofing</loc>
<lastmod>2025-03-21T19:39:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-brevo-formely-sendinblue-3187-cross-site-request-forgery</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-registration/simple-user-registration-55-missing-authorization-to-user-deletion</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a-forms/a-forms-142-reflected-cross-site-scripting</loc>
<lastmod>2013-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-page/coming-soon-and-maintenance-mode-366-missing-authorization-to-arbitrary-email-send</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3224-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-filter-post-categories/wp-filter-post-category-214-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-1123-authenticated-author-server-side-request-forgery</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ds-cf7-math-captcha/contact-form-7-math-captcha-300-reflected-cross-site-scripting</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-backup/wp-all-backup-243-cross-site-request-forgery-to-backup-storage-modification</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web2application/web2application-60-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugin/download-plugin-220-missing-authorization-to-authenticated-subscriber-user-metadata-and-comment-download</loc>
<lastmod>2024-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurantconnect-reswidget/restaurant-reservations-widget-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/similar-posts/similar-posts-315-admin-arbitrary-php-code-execution</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notification/notification-custom-notifications-and-alerts-for-wordpress-724-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tipsacarrier/tipsacarrier-1505-unauthenticated-sql-injection</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/emember-1022-missing-authorization</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-restriction/premium-age-verification-restriction-for-wordpress-302-unauthenticated-arbitrary-file-read-and-write-via-remote_tunnelphp</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-planner/content-planner-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/custom-product-tabs-for-woocommerce-177-subscriber-settings-update</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mj-update-history/mj-update-history-104-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-order-statuses-for-woocommerce/custom-order-statuses-for-woocommerce-152-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-buddypress-community-user-profile-social-network-membership-plugin-for-wordpress-130-missing-authorization-to-arbitrary-subscriber-attachment-deletion</loc>
<lastmod>2024-10-09T13:30:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cab-grid/cab-grid-1515-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-booking/multiple-themes-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-moneytizer/the-moneytizer-10010-missing-authorization</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-220-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-linkcard/pz-linkcard-252-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-bootstrap-visuals/lewe-bootstrap-visuals-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-428-missing-authorization-to-unauthenticated-arbitrary-post-modification-via-post_id-parameter</loc>
<lastmod>2026-03-14T14:13:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securemoz-security-audit/securemoz-security-audit-105-php-object-injection</loc>
<lastmod>2015-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearfy/webcraftic-clearfy-wordpress-optimization-plugin-231-cross-site-request-forgery-to-clear-cache</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-512-unauthenticated-product-price-manipulation</loc>
<lastmod>2025-04-22T19:06:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revive-so/reviveso-206-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/html5-video-player-mp4-video-player-plugin-and-block-2535-authenticated-contributor-dom-based-stored-cross-site-scripting-via-heading-parameter</loc>
<lastmod>2025-01-13T20:11:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alleaktien-quantitativ/eulerpool-research-systems-401-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:27:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-options/widget-options-408-missing-authorization-to-notice-dismissal</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-list-designer/posts-list-designer-by-category-31-authenticated-contributor-stored-cross-site-scriptiong-via-shortcode</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porsline/porsline-102-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner/advanced-database-cleaner-313-authenticatedadministrator-php-object-injection-via-process_bulk_action</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-slider/image-slider-by-ays-271-missing-authorization</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaf-before-and-after-gallery/beaf-454-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woodiscuz-woocommerce-comments/woodiscuz-woocommerce-comments-230-cross-site-request-forgery</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-2110-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payhere-payment-gateway/payhere-payment-gateway-plugin-for-woocommerce-239-missing-authorization-to-unauthenticated-order-status-modification</loc>
<lastmod>2026-01-13T17:29:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-5714-unauthenticated-sql-injection</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/au-pair-agency/au-pair-agency-babysitting-nanny-theme-122-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3110-cross-site-request-forgery</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safe-editor/safe-editor-12-cross-site-scripting</loc>
<lastmod>2016-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-post-shortcode/category-post-shortcode-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-posts/weaver-show-posts-181-authenticated-administrator-stored-cross-site-scripting-via-additional-classes-to-wrap-posts-widget-setting</loc>
<lastmod>2026-03-20T15:17:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-440-reflected-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superlogoshowcase-wp/super-logos-showcase-28-reflected-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link/pretty-links-lite-163-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-for-paypal/checkout-for-paypal-1038-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s-dev-seo/s-dev-seo-188-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nokaut-offers-box/nokaut-offers-box-140-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-shop-styling/wp-ecommerce-shop-styling-18-remote-file-inclusion</loc>
<lastmod>2013-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callbook-mobile-bar/callbook-mobile-bar-122-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-posts-footer-manager/posts-footer-manager-220-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-416-unauthenticated-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-11-26T00:01:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/barter/barter-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-190-hidden-login-page-location-disclosure</loc>
<lastmod>2021-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-automated-link-building/internal-links-manager-301-cross-site-request-forgery</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-usps-edition/small-package-quotes-usps-edition-135-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliced-invoices/sliced-invoices-382-reflected-cross-site-scripting</loc>
<lastmod>2019-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11535-unauthenticated-stored-cross-site-scripting-via-hidden-field</loc>
<lastmod>2026-02-02T18:21:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4151-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19624-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-364-authenticated-contributor-arbitrary-file-upload-via-featured-image</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-cross-sell-and-upsell/easy-digital-downloads-cross-sell-and-upsell-112-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-conditional-fields/conditional-fields-for-contact-form-7-2415-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-openstreetmap-6113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-companion/z-companion-111-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-10T22:24:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-file-type-manager/wp-media-file-type-manager-230-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-button-shortcode/simple-download-button-shortcode-10-information-disclosure-via-arbitrary-file-downloads</loc>
<lastmod>2012-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmyee-momentopress/momentopress-for-momento360-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-ecommerce-shopping-cart-61210-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-542-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4131-cross-site-request-forgery-via-admin_notice</loc>
<lastmod>2023-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-385-unauthenticated-sql-injection</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-vendors/wc-vendors-marketplace-256-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/metamax/metamax-114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-263-stored-cross-site-scripting-via-rest-api</loc>
<lastmod>2016-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/developer-toolbar/developer-toolbar-103-unauthenticated-information-exposure</loc>
<lastmod>2025-04-11T14:19:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-simple-contact-form/super-simple-contact-form-162-reflected-cross-site-scripting-via-sscf_name-parameter</loc>
<lastmod>2026-02-13T18:26:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-sidebar-widget/login-widget-with-shortcode-321-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ag-custom-admin/custom-dashboard-login-page-agca-654-reflected-cross-site-scripting</loc>
<lastmod>2020-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-app-editor/mobile-app-editor-wordpress-to-android-app-builder-131-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-208-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-file-access/restrict-file-access-112-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2025-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-best-fomo-social-proof-woocommerce-sales-popup-notification-bar-plugin-with-elementor-282-unauthenticated-sql-injection</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oshine-modules/oshine-modules-337-reflected-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-useronline/wp-useronline-2882-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attendance-manager/attendance-manager-062-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-support-ai/chatbot-support-ai-102-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-drag-drop-wordpress-form-builder-to-create-style-and-embed-multiple-forms-of-any-complexity-252-cross-site-request-forgery-to-survey-cloning</loc>
<lastmod>2026-01-23T20:33:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pure-chat/pure-chat-live-chat-more-24-reflected-cross-site-scripting-via-purechatwidgetname-parameter</loc>
<lastmod>2025-02-18T19:21:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulma-shortcodes/bulma-shortcodes-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:21:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/muslim-prayer-time-bd/muslim-prayer-time-bd-24-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-shop/phlox-shop-200-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-229-authenticated-subscriber-stored-cross-site-scripting-via-wpdocs_optionsicon_size</loc>
<lastmod>2026-04-15T14:25:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scrollto-top/scrollto-top-122-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/turitor/turitor-153-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addon-215-authenticated-contributor-stored-cross-site-scripting-via-typing-letter-widget</loc>
<lastmod>2025-09-29T15:25:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apollo13-framework-extensions/apollo13-framework-extensions-1810-missing-authorization</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1389-unauthenticated-arbitrary-file-upload-via-insufficient-blacklist-checks</loc>
<lastmod>2025-06-16T20:35:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-elementor/ultimate-addons-for-elementor-13631-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-cc-avenue-add-on/contact-form-7-ccavenue-add-on-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-al-slider/simple-al-slider-1210-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-11T14:30:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-pledge-wpjobboard/wordpress-wpjobboard-2507010000-wp681-jb5115-unauthenticated-sql-injection</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recover-wc-abandoned-cart/recover-abandoned-cart-for-woocommerce-22-cross-site-request-forgery</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-send-awesome-emails-from-wordpress-744-reflected-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-1124-missing-authorization</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nioland/nioland-126-reflected-cross-site-scripting-via-s</loc>
<lastmod>2024-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/envo-multipurpose/envo-multipurpose-116-missing-authorization</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webpushr-web-push-notifications/webpushr-4340-cross-site-request-forgery-to-local-file-inclusion-via-menu</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastly/fastly-1228-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-2314-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-settings-importexport/widget-settings-importerexporter-plugin-153-unauthorized-widget-import-to-stored-cross-site-scripting</loc>
<lastmod>2020-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-me/quote-me-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-mailchimp-widget/nmedia-mailchimp-54-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-add-ons/yith-woocommerce-product-add-ons-4290-authenticated-shop-manager-sql-injection</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloud-sso-single-sign-on/cloud-saml-sso-single-sign-on-login-1018-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/press3d/press3d-102-authenticated-author-stored-cross-site-scripting-via-link-url-parameter-in-3d-model-block</loc>
<lastmod>2026-02-13T18:32:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/event/theme-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-515-reflected-cross-site-scripting</loc>
<lastmod>2026-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/owm-weather/owm-weather-568-authenticated-contributor-sql-injection</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-170-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-section-navigation/better-section-navigation-widget-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg_vp_youtube_vimeo_addon_visual_composer/multimedia-playlist-slider-addon-for-wpbakery-page-builder-21-reflected-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elastic-theme-editor/elastic-theme-editor-003-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-11-10T14:54:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosidebars/woosidebars-141-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-user-role/add-user-role-001-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/terawallet-for-woocommerce-1515-authenticated-customer-race-condition</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/wp-block-and-stop-bad-bots-crawlers-and-spiders-and-anti-spam-protection-plugin-stopbadbots-667-unauthenticated-sql-injection</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadconnector/leadconnector-3021-missing-authorization</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-480-authenticated-contributor-stored-cross-site-scripting-via-button-url</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-attachments/zip-attachments-16-missing-authorization-to-unauthenticated-private-and-password-protected-posts-attachment-disclosure</loc>
<lastmod>2025-10-14T19:35:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-1620-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yds-support-ticket-system/yds-support-ticket-system-10-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-506-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twittee-text-tweet/twittee-text-tweet-108-reflected-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-pullquotes/perfect-pullquotes-175-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anonymize-links/anonymize-links-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/labtechco/labtechco-83-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-polls-surveys-more-2031-stored-cross-site-scripting</loc>
<lastmod>2016-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-user-avatar/one-user-avatar-236-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fundraising-donation/wp-fundraising-donation-and-crowdfunding-platform-164-missing-authorization</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpulse-email-marketing-newsletter/sendpulse-email-marketing-newsletter-215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-easy-login-register-popup-for-woocommerce/yith-easy-login-register-popup-for-woocommerce-180-authentication-bypass-via-password-reset</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rehub-theme/rehub-1961-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphist-elementor/graphist-1210-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1174-cross-site-request-forgery</loc>
<lastmod>2021-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/gourl-bitcoin-payment-gateway-amp-paid-downloads-amp-membership-166-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-category-template/advanced-category-template-01-stored-cross-site-scripting-via-cross-site-request-forgery-in-_formphp</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchterms-tagging-2/seo-searchterms-tagging-2-1535-sql-injection</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-53-missing-authorization-to-toggle-crawler-state</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-402-php-object-injection</loc>
<lastmod>2019-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-post-edit/custom-post-edit-104-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-panel/download-panel-133-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-modification</loc>
<lastmod>2025-11-17T20:15:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metasync/search-atlas-seo-182-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1072-authenticated-contributor-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-boxes-etc/mbe-eship-212-cross-site-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ricky/ricky-231-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vg-postcarousel/vg-postcarousel-11-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/responsive-addons-starter-templates-advanced-features-and-customizer-settings-for-responsive-theme-305-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-06-04T18:19:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-652-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trx_addons/themerex-addons-23511-authenticated-contributor-stored-cross-site-scripting-via-trx_addons_get_svg_from_file-function</loc>
<lastmod>2025-07-18T19:52:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aviana/aviana-21-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor-builder/vertex-addons-for-elementor-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-total-book-project/the-total-book-project-10-insecure-direct-object-reference-to-authenticated-contributor-book-manipulation</loc>
<lastmod>2025-11-10T15:18:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-21714-missing-authorization</loc>
<lastmod>2025-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/windows-azure-storage/microsoft-azure-storage-for-wordpress-451-missing-authorization-to-authenticated-subscriber-arbitrary-media-deletion</loc>
<lastmod>2025-10-23T20:09:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodlayers-core/goodlayers-core-207-reflected-cross-site-scripting-via-font-family</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-527-authenticated-administrator-sql-injection-via-json-import</loc>
<lastmod>2026-03-02T11:25:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-4512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/import-any-xml-or-csv-file-to-wordpress-323-pro-411-missing-authorization-checks</loc>
<lastmod>2019-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-12310-cross-site-request-forgery-to-google-drive-storage-update</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-client-logo-carousel/client-logo-carousel-300-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-showhide/wp-showhide-104-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-302-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordlift/wordlift-3544-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/changyan/-205-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-4121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-city-selector/acf-city-selector-1140-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recent-posts-from-each-category/recent-posts-from-each-category-14-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-tv/wp-smart-tv-218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-popup/jetpopup-2015-authenticated-subscriber-information-disclosure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-550-authenticated-client-stored-cross-site-scripting</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp24-domain-check/wp24-domain-check-162-cross-site-scripting</loc>
<lastmod>2021-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/electrician/electrician-electrical-service-wordpress-10-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik/estatik-4113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coreactivity/coreactivity-activity-logging-for-wordpress-27-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-160-unauthenticated-arbitrary-media-upload</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1401-authenticated-contributor-sensitive-information-exposure-via-id-parameter</loc>
<lastmod>2026-06-17T18:14:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-vendors/wc-vendors-woocommerce-multivendor-woocommerce-marketplace-product-vendors-264-cross-site-request-forgery-to-vendor-product-deletion</loc>
<lastmod>2025-12-04T19:20:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-2017-cross-site-scripting</loc>
<lastmod>2013-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woocommerce-payments-590-authenticated-shop-manager-sql-injection-via-currency-parameters</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-owl-carousel/owl-carousel-responsive-19-authenticated-contributor-sql-injection-via-id-parameter</loc>
<lastmod>2025-06-25T13:43:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-9111001-unauthenticated-sql-injection</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kkprogressbar/kkprogressbar2-free-1142-cross-site-request-forgery-to-progress-bar-deletion</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-generator-pro/code-generator-pro-12-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cafe-lite/clever-addons-for-elementor-221-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2024-10-25T20:37:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-smilies/cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zengo-custom-thumbnail-image/zengo-custom-thumbnail-image-gallery-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/force-update-translations/force-update-translations-05-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-1915-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-portfolio/visual-portfolio-photo-gallery-post-grid-2171-unauthenticated-css-injection</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-450-cross-site-request-forgery-via-ajax_run_cleanup</loc>
<lastmod>2023-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-conversion-tracking/woocommerce-conversion-tracking-204-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2020-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-to-html/csv-to-html-308-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-permalink-manager/premmerce-permalink-manager-for-woocommerce-2310-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2134-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-5112-authenticated-contributor-stored-cross-site-scripting-via-table_currency</loc>
<lastmod>2026-01-06T20:37:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-mailerlite/mailerlite-woocommerce-integration-313-missing-authorization-to-data-deletion</loc>
<lastmod>2025-12-15T16:26:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-banner-widget/imagebanner-widget-145-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-shortcodes/shortcodes-by-angie-makes-346-missing-authorization</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-slider/image-slider-by-ays-responsive-slider-and-carousel-270-cross-site-request-forgery-to-arbitrary-slider-deletion</loc>
<lastmod>2025-12-12T14:34:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugins-on-steroids/eazy-plugin-manager-412-missing-authorization-via-update_options</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-422-cross-site-request-forgery-on-settings</loc>
<lastmod>2019-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/erp-1166-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listdom/listdom-400-open-redirect</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto/crypto-218-authentication-bypass-via-log_in</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/extremestore/extreme-store-157-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transcoder/transcoder-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fanbridge-signup/fanbridge-signup-06-cross-site-request-forgery</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-showcase/video-gallery-management-335-cross-site-request-forgery</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-322-cross-site-request-forgery-via-save_view</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-354-stored-cross-site-scripting</loc>
<lastmod>2019-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-to-301/404-to-301-308-logs-deletion-via-cross-site-request-forgery</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multi-currency/woocommerce-multi-currency-2117-missing-authorization</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1130-authenticated-accounting-manager-sql-injection-via-vendor_id</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-conditional-product-fees-for-checkout/extra-fees-plugin-for-woocommerce-433-cross-site-request-forgery</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-nav-menu-manager/advance-nav-menu-manager-13-missing-authorization-to-authenticated-subscriber-nav-menu-item-modification-via-anmm_save_menu_data-ajax-action</loc>
<lastmod>2026-06-23T16:38:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ultimate-points-and-rewards/woocommerce-ultimate-points-and-rewards-2102-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/invico/invico-wordpress-consulting-business-theme-19-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-online/applyonline-application-form-builder-and-manager-2671-missing-authorization</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-page-comment/no-page-comment-11-cross-site-request-forgery-to-settings-change</loc>
<lastmod>2022-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/double-the-donation/double-the-donation-200-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easybooking/wp-easybooking-103-cross-site-scripting</loc>
<lastmod>2014-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-form-maker-popup-maker-woocommerce-blocks-post-blocks-post-carousel-2274-information-exposure</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-2591-insecure-direct-object-reference-to-authenticated-subscriber-comment-on-private-post</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spectra-pro/spectra-pro-115-authenticated-author-privilege-escalation</loc>
<lastmod>2024-05-09T18:13:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-980-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-team-manager/easy-team-manager-132-sql-injection</loc>
<lastmod>2017-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/modular/modular-24-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-base-booking-of-appointments-services-and-events/wp-base-booking-of-appointments-services-and-events-590-unauthenticated-privilege-escalation</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/total-security/total-security-340-unauthenticated-settings-change</loc>
<lastmod>2016-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-55-cross-site-scripting</loc>
<lastmod>2013-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tidio-form/easy-contact-form-builder-11-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/morkva-ua-shipping/morkva-ua-shipping-1018-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sayfa-sayac/sayfa-saya-26-unauthenticated-sql-injection</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-customizer-for-woocommerce/email-customizer-for-woocommerce-drag-and-drop-email-templates-builder-260-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/awake/awake-33-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formality/formality-158-authenticated-contributor-stored-cross-site-scripting-via-align-parameter</loc>
<lastmod>2025-05-01T14:47:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instantio/instantio-3316-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-audible/so-audible-cloud-music-player-09-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eveeno/eveeno-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finale-woocommerce-sales-countdown-timer-discount/finale-lite-2200-reflected-cross-site-scripting</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/industrial/industrial-178-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-filter-widget-for-elementor/product-filter-widget-for-elementor-106-reflected-cross-site-scripting-via-argsfilterformarray-parameter</loc>
<lastmod>2026-06-08T15:13:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-polls/wp-polls-270-stored-cross-site-scripting</loc>
<lastmod>2015-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-local-avatars/simple-local-avatars-2711-missing-authorization-to-authenticated-subscriber-user-cache-clearing</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mandatory-fields/mandatory-field-168-authenticated-administrator-stored-cross-site-scripting-via-settings-fields</loc>
<lastmod>2026-03-20T15:20:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-7717-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18200-reflected-cross-site-scripting</loc>
<lastmod>2025-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Tevolution/tevolution-230-arbitrary-file-upload</loc>
<lastmod>2016-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/language-bar-flags/language-bar-flags-108-cross-site-request-forgery-leading-to-stored-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-auto-find-and-replace/better-find-and-replace-135-admin-sql-injection</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-customer-relationship-management-by-vcita/crm-and-lead-management-by-vcita-262-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nexter/nexter-203-missing-authorization</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-wwe-edition/small-package-quotes-worldwide-express-edition-5219-missing-authorization</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-arbitrary-post-duplication</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-342-unauthenticated-sql-injection</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prowess/prowess-fitness-and-gym-wordpress-theme-181-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5610-missing-authorization-to-authenticated-subscriber-import-cancellation</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parcel-tracker-ecourier/parcel-tracker-ecourier-101-cross-site-request-forgery</loc>
<lastmod>2021-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-google-calendars/private-google-calendars-20231125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intimate-io-cryptocurrency-payments/intimate-payments-plugin-131-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoresponder-gwa/gwa-autoresponder-23-unauthenticated-sql-injection</loc>
<lastmod>2022-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-365-authenticated-contributor-local-file-inclusion-via-aiovg_search_form-shortcode</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-twitterbot/marketing-twitter-bot-111-cross-site-request-forgery-to-settings-update-and-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/altair/altair-524-unauthenticated-arbitrary-options-update-via-pp_import_current</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php/woody-code-snippets-insert-header-footer-code-adsense-ads-250-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-podcast/penci-podcast-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-log-viewer/wp-log-viewer-121-missing-authorization</loc>
<lastmod>2024-11-15T14:58:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-simplified-for-oap-members-only/membership-simplified-158-arbitrary-file-download</loc>
<lastmod>2017-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-memberships/crm-memberships-26-missing-authorization-to-privilege-escalation-via-unauthenticated-password-reset-in-ntzcrm_changepassword-ajax-endpoint</loc>
<lastmod>2025-12-04T16:27:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-tables-in-wordpress-made-easy-304-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-rental-manager/sp-rental-manager-153-unauthenticated-sql-injection</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-elementor-contact-form-db/elementor-contact-form-db-15-cross-site-request-forgery</loc>
<lastmod>2021-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bulletin-board/wp-bulletin-board-114-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-ninja-forms/ninja-forms-views-display-edit-ninja-forms-submissions-on-your-site-frontend-332-authenticated-contributor-sql-injection</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3151-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-3120-authenticated-administrator-sql-injection-via-path-parameter</loc>
<lastmod>2025-10-10T20:38:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-notice/maintenance-notice-106-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-834-authenticated-contributor-stored-cross-site-scripting-via-animated-text-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-photoswipe/simple-photoswipe-01-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tarteaucitronjs/tarteaucitronjs-cookies-legislation-gdpr-154-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-251-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tax-switch-for-woocommerce/tax-switch-for-woocommerce-142-authenticated-contributor-stored-cross-site-scripting-via-class-name-parameter</loc>
<lastmod>2025-04-21T16:53:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blue-memories/blue-memories-15-cross-site-scripting</loc>
<lastmod>2007-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sr-partner/seoreseller-partner-1315-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-save_admin_widgets-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-google-reviews/rich-shortcodes-for-google-reviews-68-unauthenticated-stored-cross-site-scripting-via-google-review</loc>
<lastmod>2025-12-05T18:52:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-auto-links/amazon-auto-links-4619-reflected-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-bulkdelete-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-info-card/wp-plugin-info-card-531-authenticated-contributor-stored-cross-site-scripting-via-containerid-parameter</loc>
<lastmod>2025-06-02T19:43:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bus-ticket-booking-with-seat-reservation/bus-ticket-booking-with-seat-reservation-568-missing-authorization</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beds24-online-booking/beds24-online-booking-2027-authenticated-contributor-stored-cross-site-scripting-via-beds24-link-shortcode</loc>
<lastmod>2024-11-20T13:55:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-or-move-comments/copy-or-move-comments-504-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/jettabs-229-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4248-unauthenticated-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-08-15T16:20:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/real-spaces/real-spaces-wordpress-properties-directory-theme-36-unauthenticated-privilege-escalation-to-administrator-via-imic_agent_register</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-224-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baidu-tongji-generator/baidu-tongji-generator-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-popups/responsive-modal-builder-for-high-conversion-easy-popups-150-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplms_plugin/wplms-19954-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/organization-chart/organization-chart-144-cross-site-request-forgery</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-396-unauthenticated-blind-sql-injection</loc>
<lastmod>2015-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-pay/wp-easypay-404-cross-site-request-forgery</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jude/jude-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-965-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-42381-missing-authorization-to-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-10-28T15:41:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5245-html-injection</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-7621-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2742-reflected-dom-based-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-page-contact-people/contact-us-page-contact-people-361-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-35133-authenticated-subscriber-arbitrary-file-read-via-actionexportall</loc>
<lastmod>2026-03-26T15:32:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10319-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6615-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-timer-for-elementor/countdown-timer-for-elementor-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brute-force-login-protection/brute-force-login-protection-151-cross-site-request-forgery</loc>
<lastmod>2015-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clap/wp-clap-15-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learn-manager/wp-lms-best-wordpress-lms-plugin-114-cross-site-request-forgery</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-204-missing-authorization</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-find-and-replace/real-time-find-and-replace-39-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2020-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/droip/droip-226-missing-authorization-to-authenticated-subscriber-many-actions</loc>
<lastmod>2025-07-24T17:25:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animation-addons-for-elementor/animation-addons-for-elementor-263-authenticated-contributor-stored-cross-site-scripting-via-weather-widget</loc>
<lastmod>2026-05-26T15:52:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-slider/product-slider-for-woocommerce-256-missing-authorization</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-222-sensitive-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2414-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/graphene/graphene-292-missing-authorization</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-show-stats/wp-show-stats-15-cross-site-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-1-wordpress-booking-plugin-131-reflected-cross-site-scripting</loc>
<lastmod>2013-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-slider-404-missing-authorization</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-231-email-spoofing</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/stargaze/stargaze-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daggerhart-openid-connect-generic/openid-connect-generic-client-380-381-reflected-cross-site-scripting</loc>
<lastmod>2021-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-listing-realtyna-wpl/realtyna-organic-idx-plugin-41413-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/off-canvas-sidebars/off-canvas-sidebars-menus-slidebars-0582-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-captcha/contact-form-with-captcha-167-cross-site-request-forgery</loc>
<lastmod>2021-11-29T12:43:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-translations-by-edc/quran-translations-17-cross-site-request-forgery-to-playlist-settings-form</loc>
<lastmod>2026-04-07T17:37:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddy-press-force-password-change/buddypress-force-password-change-01-authenticated-subscriber-account-takeover-via-password-update</loc>
<lastmod>2025-04-23T19:45:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web3-authentication/web3-crypto-wallet-login-nft-token-gating-260-authentication-bypass</loc>
<lastmod>2023-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-page-builder-lite-5614-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-for-woocommerce-678-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-gsheetconnector/woocommerce-google-sheet-connector-136-cross-site-request-forgery</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-reviews-by-wiremo/wiremo-1499-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal_survey/modal-survey-2018-php-object-injection</loc>
<lastmod>2021-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/activello/activello-144-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-post-slider/category-post-slider-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:34:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoshare-for-twitter/decode-uri-component-021-denial-of-service</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-flipbook-dflip-lite/dear-flipbook-pdf-flipbook-3d-flipbook-pdf-embed-pdf-viewer-2365-dom-based-reflected-cross-site-scripting-via-pdf-source</loc>
<lastmod>2025-06-30T22:38:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2appir/wp2app-262-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shantz-wordpress-qotd/shantz-wordpress-qotd-122-cross-site-request-forgery</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-822-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18160-unauthenticated-information-exposure</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-proof-testimonials-slider/social-proof-testimonial-slider-223-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwolle-gb/gwolle-guestbook-153-remote-file-inclusion</loc>
<lastmod>2015-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightbox/lightbox-168-stored-cross-site-scripting</loc>
<lastmod>2016-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2333-cross-site-request-forgery-to-plugin-deactivation</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10345-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-12-18T19:48:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dam-spam/dam-spam-108-cross-site-request-forgery-to-arbitrary-pending-comment-deletion</loc>
<lastmod>2026-02-17T19:02:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-owl-shortcodes/simple-owl-shortcodes-211-authenticated-contributor-stored-cross-site-scripting-via-num-shortcode-attribute</loc>
<lastmod>2026-05-04T14:06:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/handtalk/hand-talk-61-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zarinpal-woocommerce-payment-gateway/zarinpal-gateway-for-woocommerce-5016-improper-access-control-to-payment-status-update</loc>
<lastmod>2026-02-16T16:35:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dinatur/dinatur-118-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-209-cross-site-scripting</loc>
<lastmod>2018-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pin-wp/pin-wp-72-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-cache-244-unauthenticated-arbitrary-file-upload-via-fetch_gravatar_from_remote</loc>
<lastmod>2026-04-22T13:59:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-marketing-agency-templates-for-elementor/digital-marketing-and-agency-templates-addons-for-elementor-111-cross-site-request-forgery-to-import</loc>
<lastmod>2025-06-12T13:08:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-booking-manager-for-woocommerce-533-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/civi/civi-job-board-freelance-marketplace-wordpress-theme-214-sensitive-information-exposure</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/burst-statistics/burst-statistics-really-simple-plugins-153-authenticated-editor-sql-injection</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publish-approval/publish-approval-11-cross-site-request-forgery</loc>
<lastmod>2025-09-10T19:04:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-176-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-upload-files/woocommerce-upload-files-593-arbitrary-file-upload</loc>
<lastmod>2021-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enqueue-anything/enqueue-anything-101-missing-authorization</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-analytics-events/google-analytics-events-282-unauthenticated-information-exposure</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mind-doodle-sitemap/mind-doodle-visual-sitemaps-tasks-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-app-online/build-app-online-1020-missing-authorization-authenticatedsubscriber-arbitrary-options-update</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-table-of-contents/site-table-of-contents-03-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ls-gmap-route/ls-google-map-router-110-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T15:04:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3speedster-wp/w3speedster-719-cross-site-request-forgery-via-launch</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-site-kit/site-kit-by-google-171-sensitive-information-disclosure</loc>
<lastmod>2020-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-624-authenticated-contributor-stored-cross-site-scripting-via-custom-field</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-205-insecure-direct-object-reference-to-forum-privacy-change</loc>
<lastmod>2022-11-26T09:52:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/responsive-plus-320-missing-authorization</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-versus-polls-anonymous-polls-image-polls-554-unauthenticated-html-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.5/wordpress-core-652-unauthenticated-authenticated-contributor-stored-cross-site-scripting-via-avatar-block</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javo-core/javo-core-300266-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-258-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitytime/wp-sessions-time-monitoring-full-automatic-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-gsheetconnector/woocommerce-google-sheet-connector-1311-missing-authorization</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metricool/metricool-117-authenticated-administrator-stored-stored-cross-site-scripting</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-monster/cookie-monster-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58009-reflected-cross-site-scripting</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protect-uploads/protect-uploads-03-authorization-bypass</loc>
<lastmod>2022-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatwee/chat-by-chatwee-213-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-367-cross-site-request-forgery-to-payment-account-hijacking-via-square_tokens-parameter</loc>
<lastmod>2026-05-27T17:18:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3881-unauthenticated-sql-injection</loc>
<lastmod>2026-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-2061-missing-authorization-to-ma-template-creation-or-modification</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/off-canvas-sidebars/off-canvas-sidebars-menus-slidebars-0584-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-bg_color-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-wordpress-booking-plugin-1145-cross-site-scripting</loc>
<lastmod>2019-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simcast/simcast-100-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-06T20:46:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boost/boost-203-unauthenticated-php-object-injection-via-styxkey-boost_user_location-cookie</loc>
<lastmod>2026-05-19T13:55:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayers-request/wp-prayer-ii-247-cross-site-request-forgery-to-email-settings-update</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3325-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-post-and-buddypress/push-notification-for-post-and-buddypress-211-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadinfo/leadinfo-10-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-pagerank-display/google-pagerank-display-14-cross-site-request-forgery-to-settings-update-via-settings-page</loc>
<lastmod>2026-04-21T19:02:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/topper-pack/topperpack-complete-elementor-addons-theme-cpt-builder-121-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagepost-specific-social-share-buttons/pagepost-specific-social-share-buttons-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-widget-by-wpzoom/wpzoom-social-feed-widget-block-2113-missing-authorization-to-authenticated-subscriber-instagram-image-deletion</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigcommerce/bigcommerce-512-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hypercomments/hypercomments-122-arbitrary-file-deletion</loc>
<lastmod>2020-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/task-manager/task-manager-302-authenticated-subscriber-arbitrary-shortcode-execution-via-task_id-parameter</loc>
<lastmod>2026-03-20T15:08:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibe/web-accessibility-by-accessibe-210-cross-site-request-forgery</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/d-bargain/dbargain-300-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-31142-cross-site-request-forgery-via-edd_trigger_upgrades</loc>
<lastmod>2023-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/droit-dark-mode/droit-dark-mode-112-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-source-control-isc/image-source-control-2170-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-342-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpos-lite-version/openpos-lite-30-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-10T20:07:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-6101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workscout-core/workscout-core-1706-reflected-cross-site-scripting</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/struktur/struktur-251-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxi-blocks/maxiblocks-213-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-price-ticker-widget/cryptocurrency-widgets-price-ticker-coins-list-268-missing-authorization</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-806-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon/coming-soon-page-maintenance-mode-221-maintenance-mode-bypass</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-user-enumeration/stop-user-enumeration-plugin-139-user-enumeration</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-page-cat/landing-page-cat-174-missing-authorization</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peachpay-for-woocommerce/peachpay-payments-11174-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy2map/easy2map-129-reflected-cross-site-scripting</loc>
<lastmod>2015-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-3111-missing-authorization-to-authenticated-contributor-analytics-reset</loc>
<lastmod>2026-01-20T01:50:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugnedit/plugnedit-adaptive-editor-620-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/quick-interest-slider-315-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-14T19:44:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-for-wp-job-manager/custom-field-for-wp-job-manager-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lava-directory-manager/lava-directory-manager-1134-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-4261-authenticated-admin-sql-injection</loc>
<lastmod>2025-11-20T20:41:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/movie-database/movie-database-1011-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio3-html5/sticky-html5-music-player-316-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/felizia/felizia-fertility-center-medical-wordpress-theme-134-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-image-gallery-photo/image-gallery-grid-gallery-111-stored-cross-site-scripting</loc>
<lastmod>2022-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inject/imageinject-118-authenticated-admin-stored-xss</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode/wp-maintenance-mode-206-authenticated-information-disclosure</loc>
<lastmod>2016-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-typography/google-typography-112-missing-authorization</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-manager/newsletter-manager-102-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar/calendar-1310-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-add-pages-or-posts/simple-add-pages-or-posts-17-cross-site-request-forgery</loc>
<lastmod>2016-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-2060-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-291-unauthenticated-sql-injection</loc>
<lastmod>2025-01-17T16:40:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/c9-blocks/c9-blocks-177-unauthenticated-full-path-disclosure</loc>
<lastmod>2025-02-20T15:02:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-jump-links-menus/easy-jump-links-menus-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-04T17:23:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-frontend-file-upload-form-secure-file-sharing-1764-unauthenticated-path-traversal</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-rating/simple-rating-14-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pagebuilder/wp-page-builder-123-insecure-default-to-unauthorized-page-editing</loc>
<lastmod>2021-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-category-dropdown/wp-category-dropdown-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-1155-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75437212-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-shortcode/google-map-shortcode-312-cross-site-request-forgery-to-plugin-setting-update</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-560-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweetscroll-widget/tweetscroll-widget-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-contact-form/vs-contact-form-139-missing-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2039-authenticated-contributor-stored-cross-site-scripting-via-about-me-block</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-page-builder-lite-542-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-3100-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sociallyviral/sociallyviral-1010-cross-site-request-forgery</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protect-plugin-for-wordpress/password-protect-plugin-for-wordpress-0810-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-background/ap-background-381-382-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload-via-advparallaxbackadminsaveslider-function</loc>
<lastmod>2025-10-02T21:28:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxgalleria/maxgalleria-625-stored-cross-site-scripting</loc>
<lastmod>2022-02-22T07:27:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-454-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-sitemap-plugin/sitemap-by-bestwebsoft-wordpress-xml-site-map-page-generator-plugin-308-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3918-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bricksable/bricksable-for-bricks-builder-1659-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gotowebinar/wp-gotowebinar-1445-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-engine/social-media-engine-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-vector-maps/rvm-responsive-vector-maps-641-subscriber-arbitrary-file-read</loc>
<lastmod>2022-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smio-push-notification/smart-notification-103-unauthenticated-sql-injection</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-event-manager-event-booking-calendar-tickets-and-registration-plugin-ai-powered-4051-missing-authorization-to-unauthenticated-stored-cross-site-scripting-via-post_settings</loc>
<lastmod>2026-01-08T18:45:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devvn-image-hotspot/image-hotspot-by-devvn-129-authenticated-author-stored-cross-site-scripting-via-custom-field-meta</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/urna/urna-2512-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-372-captcha-bypass</loc>
<lastmod>2014-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hallo-welt/wp-hallo-welt-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-12-19T15:06:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projectlist/projectlist-030-authenticated-editor-sql-injection-via-id-parameter</loc>
<lastmod>2025-11-24T19:13:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-241-multiple-admin-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xserver-typesquare-webfonts/typesquare-webfonts-207-missing-authorization-via-typesquare_admin_init</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-food/food-271-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobilechief-mobile-site-creator/mobilechief-mobile-site-builder-157-cross-site-scripting</loc>
<lastmod>2013-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-617-missing-authorization-via-editor_html</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosquare/apiexperts-square-for-woocommerce-429-reflected-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/geo-controller-894-unauthenticated-information-exposure</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wpdb/my-wpdb-1112-cross-site-request-forgery-to-arbitrary-sql-query-execution</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-finder/broken-link-checker-finder-242-missing-authorization-via-moblc_auth_save_settings</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-gallery/gallery-photo-albums-plugin-1303-multiple-cross-site-request-forgery</loc>
<lastmod>2014-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-700-7014-incorrect-authorization-to-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2026-06-01T10:41:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addonify-wishlist/addonify-woocommerce-wishlist-2015-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-preloader/wp-smart-preloader-115-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpf-ultimate-carousel/wpf-ultimate-carousel-1011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker/leaflet-maps-marker-google-maps-openstreetmap-bing-maps-3124-authenticated-admin-sql-injection</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/wp-all-export-pro-178-authenticated-sql-injection</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-permission/wp-content-permission-12-authenticated-administrator-stored-cross-site-scripting-via-ohmem-message-parameter</loc>
<lastmod>2026-02-03T19:40:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/woocommerce-product-vendors-222-missing-authorization</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-397-missing-authorization</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pressapps-accordion-faq/accordion-faq-221-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenkit-blocks-addon/gutenkit-210-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-unanswered-comments/dx-unanswered-comments-17-cross-site-request-forgery-via-settings-update</loc>
<lastmod>2026-04-21T19:05:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crafthemes-demo-import/crafthemes-demo-import-33-authenticated-admin-arbitrary-file-upload-in-process_uploaded_files</loc>
<lastmod>2024-12-13T15:54:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-145-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/veil/veil-wedding-photographer-wordpress-theme-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-input-fields-for-woocommerce/product-input-fields-for-woocommerce-19-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2024-11-25T17:39:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/etsy-shop/etsy-shop-306-reflected-cross-site-scripting</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-meta-boxes-per-user-role/remove-meta-boxes-per-user-role-101-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-01T19:43:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-650-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingo/listingo-business-listing-and-directory-wordpress-theme-327-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-04T21:11:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abcsubmit/create-custom-forms-for-wordpress-with-a-smart-form-plugin-for-smart-businesses-124-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-25T15:01:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwp/backwp-202-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/load-more-posts/load-more-posts-140-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweetthis-shortcode/tweetthis-shortcode-180-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-25T18:41:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-coming-soon/easy-coming-soon-23-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bm-builder/bm-content-builder-31621-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adfoxly/adfoxly-ad-manager-adsense-ads-adstxt-185-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whatsiplus-scheduled-notification-for-woocommerce/whatsiplus-scheduled-notification-for-woocommerce-101-cross-site-request-forgery-to-wsnfw_save_users_settings-ajax-action</loc>
<lastmod>2026-02-18T15:52:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advance-search/advance-search-for-woocommerce-11-cross-site-scripting</loc>
<lastmod>2018-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/etsy-shop/etsy-shop-304-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-partial-shipment/woocommerce-partial-shipment-32-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doofinder-for-woocommerce/doofinder-for-woocommerce-217-reflected-cross-site-scripting-via-tab</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5952-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/makecommerce/makecommerce-for-woocommerce-351-reflected-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-115-sensitive-data-exposure</loc>
<lastmod>2020-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bad-behavior/bad-behavior-2047-220-224-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/daisho/daisho-theme-42-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/geya/geya-renewable-energy-ecology-wordpress-theme-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edublink-core/edublink-core-207-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-urls/list-urls-02-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-342-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-141-reflected-cross-site-scripting</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-11120-cross-site-request-forgery</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagements/imagements-125-arbitrary-file-upload</loc>
<lastmod>2021-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-1116-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-from-facebook/social-comments-by-wpdevart-249-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-1867-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-media/buddyboss-media-323-stored-cross-site-scripting</loc>
<lastmod>2018-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copyright-safeguard-footer-notice/copyright-safeguard-footer-notice-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cwd-3d-image-gallery/cwd-3d-image-gallery-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-711-cross-site-request-forgery</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-467-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/more-mime-type-filters/more-mime-type-filters-03-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-booking/hotel-booking-36-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-woocommerce-auction-pro/ultimate-auction-pro-152-unauthenticated-sql-injection-via-auction_id</loc>
<lastmod>2025-05-01T19:10:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-1677-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jnews-gallery/jnews-gallery-1201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-views-count/page-views-count-plugin-2414-unauthenticated-sql-injection</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-showcase/testimonials-showcase-1916-reflected-cross-site-scripting</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-427-unauthenticated-sql-injection-via-c_only_fields</loc>
<lastmod>2024-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-517-missing-authorization-to-authenticated-contributor-import-job-creation-execution-purge-log-clearing-and-information-disclosure-via-multiple-ajax-sub-actions</loc>
<lastmod>2026-06-05T10:46:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-31011-unauthenticated-csv-injection</loc>
<lastmod>2022-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-thumb/wpthumb-010-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwjob/inwave-jobs-351-unauthenticated-privilege-escalation-via-password-reset</loc>
<lastmod>2025-03-06T19:32:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maximum-upload-file-size/wp-maximum-upload-file-size-113-authenticated-author-full-path-disclosure</loc>
<lastmod>2024-11-22T17:05:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formfacade/formfacade-wordpress-plugin-for-google-forms-136-reflected-cross-site-scripting</loc>
<lastmod>2024-10-25T13:59:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-lightbox/wp-video-lightbox-192-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-11111-reflected-cross-site-scripting</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sharebar/sharebar-142-cross-site-scripting</loc>
<lastmod>2013-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mangboard/mang-board-wp-181-cross-site-request-forgery</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payu-india/payu-india-388-reflected-cross-site-scripting-via-type</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-422-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-my-blocks/find-my-blocks-340-sensitive-information-disclosure</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eds-social-share/eds-social-share-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:15:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-1728-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fsm-custom-featured-image-caption/fsm-custom-featured-image-caption-1251-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-435-reflected-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-popup/slick-popup-171-privilege-escalation</loc>
<lastmod>2019-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-254-unauthenticated-stored-cross-site-scripting-via-cached-tweet-text</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ecogrow/ecogrow-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-default-post-content/my-default-post-content-073-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1018-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-11T18:15:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-coder/wp-coder-add-custom-html-css-and-js-code-253-authenticated-admin-sql-injection</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-158-reflected-cross-site-scripting</loc>
<lastmod>2022-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-specific-sidebars/simple-page-specific-sidebars-2141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-logo_height-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instasqueeze/instasqueeze-sexy-squeeze-pages-all-known-versions-cross-site-scripting</loc>
<lastmod>2014-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliatebooster-blocks/affiliate-booster-pros-cons-notice-and-cta-blocks-for-affiliates-305-cross-site-request-forgery-via-process_bulk_action</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-gig-calendar/mf-gig-calendar-0941-cross-site-scripting</loc>
<lastmod>2012-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-videos-for-jw-player/related-videos-for-jw-player-120-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quentn-wp/quentn-wp-128-unauthenticated-privilege-escalation</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3153-unauthenticated-arbitrary-file-deletion-via-form-entry-value</loc>
<lastmod>2026-06-18T16:14:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listeo-core/listeo-core-207-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magazine-blocks/magazine-blocks-blog-designer-magazine-newspaper-website-builder-page-builder-with-posts-blocks-post-grid-1314-reflected-cross-site-scripting</loc>
<lastmod>2024-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-341-unauthenticated-backup-download</loc>
<lastmod>2017-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-2-cash/word-2-cash-092-cross-site-request-forgeryto-stored-cross-site-scripting-via-settings-page</loc>
<lastmod>2026-05-19T12:03:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-contact/aio-contact-281-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ut-shortcodes/shortcodes-by-united-themes-516-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-28T18:55:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/membership-plugin-restrict-content-3224-unvalidated-redirect-in-password-reset-flow-via-rcp_redirect</loc>
<lastmod>2026-03-19T14:37:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmk-pdf-generator/wpmk-pdf-generator-101-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-collection/shortcode-collection-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dhvc-form/dhvc-form-247-unauthenticated-privilege-escalation</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-247-authenticated-author-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2024-08-21T21:21:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flipper/wordpress-content-flipper-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-12T20:24:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-dictionary/xili-dictionary-21252-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tenweb-speed-optimizer/10web-booster-22414-unauthenticated-arbitrary-option-deletion</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-215-cross-site-request-forgery</loc>
<lastmod>2023-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0217-missing-authorization-to-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2024-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3139-missing-authorization-to-unauthenticated-sensitive-personal-data-disclosure-via-subject-access-request-ajax-endpoint-process_nowis_ajax-parameters</loc>
<lastmod>2026-06-18T16:02:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-1262-cross-site-scripting</loc>
<lastmod>2016-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-manager-advanced/media-file-manager-advanced-115-improper-access-control</loc>
<lastmod>2012-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-21284-cross-site-request-forgery</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-blocks/genesis-blocks-312-authenticated-contributor-stored-cross-site-scripting-via-posttitletag</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waitlist-woocommerce/waitlist-woocommerce-back-in-stock-notifier-26-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waymark/waymark-141-reflected-cross-site-scripting-via-content</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gameplan/gameplan-1510-reflected-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edwiser-bridge/edwiser-bridge-302-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/msrp-for-woocommerce/msrp-rrp-pricing-for-woocommerce-181-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pinterest-automatic/pinterest-automatic-4143-unuathenticated-arbitrary-options-update</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/customizr/customizr-4421-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-notes-plus/plugin-notes-plus-127-authenticated-subscriber-arbitrary-note-deletion</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3012-cross-site-scripting</loc>
<lastmod>2018-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-dashboard/ultimate-dashboard-375-authenticatedadministrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scribd-list/wp-scribd-list-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-redirect/login-redirect-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-wpforms/pdf-for-wpforms-550-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-slider-with-lightbox/thumbnail-slider-with-lightbox-10-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-wordpress-gym-management-system-6780-unauthenticated-sql-injection</loc>
<lastmod>2025-07-10T19:17:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider/testimonial-slider-125-sql-injection</loc>
<lastmod>2018-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-491-authenticated-stored-cross-site-scripting</loc>
<lastmod>2017-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-wordpress-306-reflected-cross-site-scripting</loc>
<lastmod>2020-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_unassign_folders</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-580-unauthenticated-remote-code-execution</loc>
<lastmod>2025-12-23T16:17:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-headers-and-footers/wpcode-208-cross-site-request-forgery</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-manager/job-board-manager-2161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-wrangler/widget-wrangler-239-authenticated-author-remote-code-execution</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-x-discount-pop-up/coupon-x-discount-pop-up-promo-code-pop-ups-announcement-pop-up-woocommerce-popups-135-missing-authorization</loc>
<lastmod>2025-01-10T14:13:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/innovs-woo-manager/woocommerce-manager-8211-customize-and-control-cart-page-add-to-cart-button-checkout-fields-easily-1245-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-caption-hover-pro/image-caption-hover-pro-200-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-6013-cross-site-scripting-via-post_title</loc>
<lastmod>2020-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/wordpress-membership-user-registration-login-form-user-profile-restrict-content-plugin-profilepress-3215-reflected-cross-site-scripting</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-addons-for-elementor-elementor-widgets-template-builder-307-unauthenticated-information-exposure</loc>
<lastmod>2026-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-calendar-for-elementor/simple-calendar-for-elementor-166-missing-authorization-to-unauthenticated-arbitrary-calendar-entry-deletion</loc>
<lastmod>2026-01-27T18:06:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-add-on/contact-form-7-paypal-stripe-add-on-234-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abc-notation/abc-notation-613-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2025-01-24T18:45:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-434-account-takeover-via-password-reset</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/competition-form/competition-form-20-cross-site-request-forgery-to-competition-deletion</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-828-unauthenticated-information-exposure</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forecast/wp-forecast-92-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/user-private-files-205-insecure-direct-object-reference</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paygreen-payment-gateway/paygreen-payment-gateway-1026-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:16:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/krowd/krowd-150-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-7219-information-exposure</loc>
<lastmod>2025-06-05T15:05:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-15-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-lightbox-slider/gallery-lightbox-10041-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-448-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2026-01-09T20:16:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2608-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-07-10T18:41:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-sell-digital-files-subscriptions-ecommerce-store-payments-made-easy-332-authenticated-admin-stored-cross-site-scripting-via-agreement-text</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facturante/facturante-111-unauthenticated-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anona/anona-80-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4275-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6717-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-19T13:25:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-before-after-image/majestic-before-after-image-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-03T14:10:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quizlord/quizlord-20-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2216-missing-authorization-to-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-03-14T14:22:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-282-authenticated-contributor-dom-based-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-221-backdoor</loc>
<lastmod>2007-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2039-privilege-escalation</loc>
<lastmod>2019-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stackable-ultimate-gutenberg-blocks/stackable-page-builder-gutenberg-blocks-3131-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycryptocheckout/mycryptocheckout-2125-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-11411-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-elements/elements-for-elementor-21-authenticated-contributor-local-file-inclusion-via-multiple-widget-attributes</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-462-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-bcc-for-woocommerce-order-emails/cc-bcc-for-woocommerce-order-emails-141-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-the-ultimate-woocommerce-multivendor-marketplace-solution-420-missing-authorization-to-arbitrary-vendor-deletion</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-bank/contact-bank-contact-form-builder-for-wordpress-2069-stored-cross-site-scripting</loc>
<lastmod>2014-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hd-quiz/hd-quiz-1814-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-231-missing-authorization-via-mtphr_duplicate_post</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mb-custom-post-type/mb-custom-post-types-custom-taxonomies-276-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-visibility-by-country-for-woocommerce/product-visibility-by-country-for-woocommerce-149-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-my-login/theme-my-login-716-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podpress/podpress-881017-cross-site-scripting-via-playerid</loc>
<lastmod>2013-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/contact-form-survey-quiz-popup-form-builder-arforms-170-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apptivo-business-site/apptivo-business-site-crm-3012-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-753-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-help/seo-help-661-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brilliance/brilliance-131-reflected-cross-site-scripting</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-block/fancypost-best-ultimate-post-block-post-grid-layouts-carousel-slider-for-gutenberg-elementor-600-missing-authorization-to-authenticated-subscriber-shortcode-export</loc>
<lastmod>2025-01-06T16:23:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php/woody-code-snippets-239-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-11644-stored-cross-site-scripting</loc>
<lastmod>2022-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-coming-soon_sub_title-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickbank-ads-clickbank-widget/clickbank-affiliate-ads-131-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-share-buttons-adder/simple-share-buttons-adder-846-cross-site-request-forgery</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-font-pairing-preview/font-pairing-preview-for-landing-pages-13-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-06T18:47:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/wp-custom-admin-interface-728-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-imagezoom/wp-imagezoom-107-sql-injection</loc>
<lastmod>2013-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-subscription/tagdiv-opt-in-builder-173-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-widget/display-widgets-27-seo-spam-injection-hidden-functionality</loc>
<lastmod>2017-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hellobar/hello-bar-popup-builder-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catfolders/catfolders-tame-your-wordpress-media-library-by-category-252-authenticated-author-sql-injection-via-csv-import</loc>
<lastmod>2025-09-10T16:23:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-758-directory-traversal-to-file-deletion-on-windows-hosts</loc>
<lastmod>2022-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alter/alter-10-cross-site-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-download/subscribe-to-download-209-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/wordpress-webinar-plugin-webinarpress-13320-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-290-cross-site-request-forgery-via-delheader</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favorites/favorites-236-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rays-grid/rays-grid-122-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/update-theme-and-plugins-from-zip-file/update-theme-and-plugins-from-zip-file-200-cross-site-request-forgery</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motionger-elementor/motionger-for-elementor-204-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate-pro/idonatepro-219-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusewp/fusewp-wordpress-user-sync-to-email-list-marketing-automation-mailchimp-constant-contact-activecampaign-etc-11230-cross-site-request-forgery-to-sync-rule-creation</loc>
<lastmod>2025-10-24T18:12:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-event-calendar/spidercalendar-1413-cross-site-request-forgery</loc>
<lastmod>2015-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syndication-links/syndication-links-103-dom-based-cross-site-scripting</loc>
<lastmod>2015-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecab-taxi-booking-manager/taxi-booking-manager-for-woocommerce-130-missing-authorization</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donate-button/donate-by-bestwebsoft-donations-acception-extention-for-wordpress-211-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flowpaper-lite-pdf-flipbook/flowpaper-199-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cocco/cocco-kids-store-and-baby-shop-wordpress-theme-20-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft/formcraft-137-sql-injection</loc>
<lastmod>2013-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-revolution-of-a-slider-hero-slider-media-slider-drag-drop-slider-video-slider-product-slider-ecommerce-slider-3140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-gravityforms-blacklist/bsk-forms-blacklist-38-reflected-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-studio/awesome-studio-244-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chp-ads-block-detector/chp-ads-block-detector-394-cross-site-request-forgery-via-chp_abd_action</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backup-bank/backup-bank-wordpress-backup-plugin-4028-missing-authorization-via-post_user_feedback_backup_bank</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-09123-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-02-10T17:13:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crpaid-link-manager/crpaid-link-manager-05-reflected-cross-site-scripting</loc>
<lastmod>2026-03-17T15:03:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-407-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-tweets-widget-223-cross-site-request-forgery</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-learning-pro/ultimate-learning-pro-393-authenticated-instructor-arbitrary-content-deletion</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likebtn-like-button/like-button-rating-likebtn-2644-arbitrary-e-mail-sending</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-elementor-addons/wpzoom-addons-for-elementor-starter-templates-widgets-134-unauthenticated-reflected-cross-site-scripting-via-title_tag-parameter</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-5122-file-upload</loc>
<lastmod>2022-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4321-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-3328-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-image-hover-effects/ultimate-image-hover-effects-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentformpro/fluent-forms-pro-add-on-pack-6117-missing-authorization-to-unauthenticated-payment-status-modification</loc>
<lastmod>2026-02-26T14:33:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-308-missing-authorization-to-authenticated-contributor-protected-post-meta-insertion-via-custommetadata-parameter</loc>
<lastmod>2026-02-24T21:12:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediamatic/mediamatic-media-library-folders-281-missing-authorization</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gnucommerce/gnucommerce-154-reflected-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-175-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-google-reviews/plugin-for-google-reviews-222-cross-site-request-forgery</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-gallery-grid/responsive-gallery-grid-238-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/searchgo/search-go-28-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-customer-relationship-management-by-vcita/crm-and-lead-management-by-vcita-274-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T19:51:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whatsorder-instant-checkout-for-woocommerce/whatsorder-101-unauthenticated-sensitive-information-exposure-via-predictable-invoice-file-urls</loc>
<lastmod>2026-06-23T16:40:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-179-reflected-cross-site-scripting</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-element/news-element-elementor-blog-magazine-108-missing-authorization-to-authenticated-subscriber-data-loss</loc>
<lastmod>2026-02-18T15:53:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blogroll/ultimate-blogroll-252-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-11T14:48:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-simple-wp-smtp-mail-22-sensitive-information-disclosure</loc>
<lastmod>2022-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-url-preview/z-url-preview-162-cross-site-scripting</loc>
<lastmod>2017-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.8/wordpress-core-informational-68-weak-hashing-algorithm</loc>
<lastmod>2012-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transbank-webpay-plus-rest/transbank-webpay-1140-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-3358-reflected-cross-site-scripting</loc>
<lastmod>2012-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flipdish-ordering-system/flipdish-ordering-system-152-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dzonia-lite/multiple-plugins-and-themes-by-inkthemes-118-unauthenticated-information-exposure</loc>
<lastmod>2025-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pin-locations-on-map/pin-locations-on-map-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-optimizer-wd/image-optimizer-wd-1026-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-6159-sysinfo-key-incorrect-comparison-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-04T21:06:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-visualization-charts/google-visualization-charts-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kwayy-html-sitemap/kwayy-html-sitemap-31-authenticated-administrator-stored-cross-site-scipting</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kitestudio-core/core-plugin-for-kitestudio-themes-221-reflected-cross-site-scripting</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-1023-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-12-16T15:58:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-campaigns/zoho-campaigns-206-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-1489-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-10-07T14:44:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-355-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-locations-for-woocommerce/stock-locations-for-woocommerce-259-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-payment-form/paymattic-secure-simple-payment-donation-with-subscription-payments-recurring-donations-customer-management-4619-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keyring/keyring-151-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-form/adfo-custom-data-in-admin-dashboard-190-reflected-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latest-registered-users/latest-registered-users-14-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-user-data-export</loc>
<lastmod>2026-01-06T19:39:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-320-missing-authorization-to-authenticated-subscriber-account-takeover-via-email-log-exposure</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wing-migrator/wing-wordpress-migrator-120-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dupeoff/dupeoff-16-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atelier-create-cv/atelier-create-cv-115-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-prune-posts/auto-prune-posts-300-cross-site-request-forgery</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookie-user-info/cookie-notification-plugin-for-wordpress-109-sql-injection</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-619-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arprice/arprice-413-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homepage-pop-up/homepage-popup-125-cross-site-request-forgery</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-delete-user-accounts/wp-delete-user-accounts-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-471-cross-site-request-forgery-via-uploading-flash-file</loc>
<lastmod>2017-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-171-reflected-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-a-better-search-4221-missing-authorization-to-unauthenticated-count-option-update</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syntaxhighlighter/syntaxhighlighter-evolved-319-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-base-terms/custom-base-terms-1023-authenticated-administrator-stored-cross-site-scripting-via-base</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/our-services-showcase/our-services-showcase-20-missing-authorization</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pray-for-me/pray-for-me-104-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kids-gift-shop/kids-gift-shop-054-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-136-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-1262-improper-authorization-via-wpcom-external-media-rest-endpoints</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ticket-help-desk-system-lite/support-helpdesk-ticket-system-lite-452-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo-advanced-attachments/wpforo-wpforo-advanced-attachments-313-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-182-authenticated-contributor-stored-cross-site-scripting-via-button</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform-pro/metform-pro-396-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-09T21:09:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1587-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-site-protect/wp-site-protect-10-cross-site-scripting</loc>
<lastmod>2017-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chocolate-house/chocolate-house-115-missing-authorization</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-733-arbitrary-comment-additioneditiondeletion-by-cross-site-request-forgery</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-custom-reports/cm-custom-reports-127-authenticated-administrator-stored-cross-site-scripting-via-plugin-labels</loc>
<lastmod>2026-03-19T19:57:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tippy/tippy-621-authenticated-contributor-stored-cross-site-scripting-via-tippy-shortcode</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classic-editor-addon/classic-editor-addon-264-cross-site-request-forgery</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-formerly-ditty-news-ticker-3014-reflected-cross-site-scripting</loc>
<lastmod>2022-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/covertvideopress/covert-videopress-all-known-versions-cross-site-scripting</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-739-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sort-order/wp-sort-order-131-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-salesforce/integration-for-contact-form-7-and-salesforce-133-open-redirect</loc>
<lastmod>2023-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-llama/quotes-llama-315-unauthenticated-sql-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userplus/userplus-20-missing-authorization-via-multiple-functions</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-gate/age-gate-354-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift4u-gift-cards-all-in-one-for-woo/gift4u-gift-cards-all-in-one-for-woo-1010-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1031-authenticated-subscriber-sql-injection-via-is_linking-query-parameter</loc>
<lastmod>2026-01-05T20:24:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qe-seo-handyman/qe-seo-handyman-10-authenticated-administrator-sql-injection</loc>
<lastmod>2022-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marekkis-watermark/marekkis-watermark-plugin-094-cross-site-scripting</loc>
<lastmod>2013-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photospace-responsive/photospace-responsive-220-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce/persian-woocommerce-580-reflected-cross-site-scripting</loc>
<lastmod>2022-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-reviews-import-export-for-woocommerce/product-reviews-import-export-for-woocommerce-148-csv-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-265-cross-site-scripting</loc>
<lastmod>2008-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-by-supsystic/popup-by-supsystic-11029-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-533-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnileads-scripts-and-tags-manager/omnileads-scripts-and-tags-manager-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-60-stored-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-sales-crm/dx-sales-crm-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticket/customer-service-software-support-ticket-system-5104-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-email-log-delivery-failure-notifications-and-best-mail-smtp-for-wordpress-287-authorization-bypass-via-type-connect-app-api</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-star-rating-plugin-by-feedbackwp-344-insecure-direct-object-reference</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-1192-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2026-02-02T18:07:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-license-manager/woocommerce-license-manager-531-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-185-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-11-04T18:55:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-filterable-portfolio/responsive-filterable-portfolio-1019-reflected-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-table/product-table-for-woocommerce-by-codeastrology-wooproducttablecom-351-information-exposure</loc>
<lastmod>2024-11-22T15:10:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jazzcash-woocommerce-gateway/woocommerce-jazzcash-gateway-plugin-20-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-31221-unauthenticated-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2026-04-17T10:47:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms/caldera-forms-194-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/catwalk/catwalk-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailpoet/mailpoet-531-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/language-field/language-field-09-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-63030-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-elements/powerpack-pro-for-elementor-2108-cross-site-request-forgery-to-plugin-settings-modification-and-cross-site-scripting</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-forms-plugin-for-wordpress-916-authenticated-admin-sql-injection</loc>
<lastmod>2025-10-10T19:07:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/akismet/akismet-spam-protection-202-cross-site-scripting</loc>
<lastmod>2007-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-fancybox/firelight-lightbox-233-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-client-logo-carousel-slider/logo-carousel-clients-logo-carousel-for-wp-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-119-sql-injection</loc>
<lastmod>2022-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-360-authenticated-contributor-stored-cross-site-scripting-via-fancy-text-countdown-widget-and-login-form-shortcodes</loc>
<lastmod>2025-02-25T19:36:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eagle-booking/eagle-booking-1343-cross-site-request-forgery</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shuffle/shuffle-05-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meow-gallery/meow-gallery-527-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wti-like-post/wti-like-post-146-ip-spoofing</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-razorpay/razorpay-for-woocommerce-456-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/service-boxs/service-box-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T21:09:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-a-meta-field-as-block/meta-field-block-152-authenticated-contributor-stored-cross-site-scripting-via-tagname-block-attribute</loc>
<lastmod>2026-05-13T18:17:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-4131-cross-site-request-forgery</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-1812-cross-site-scripting</loc>
<lastmod>2020-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-sumotto/csv-sumotto-10-reflected-cross-site-scripting</loc>
<lastmod>2025-12-05T17:36:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rankology-seo-all-in-one-seo-analytics/rankology-seo-on-site-seo-224-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-builder-for-wpbakery-page-builder/team-builder-for-wpbakery-page-builderformerly-visual-composer-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:31:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-antispam/antispam-for-contact-form-7-060-reflected-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medeus/medeus-114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yungen/yungen-1012-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-show-posts/wp-show-posts-115-improper-authorization-to-information-exposure</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-359-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designer/designer-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navz-photo-gallery/acf-photo-gallery-field-174-reflected-cross-site-scripting</loc>
<lastmod>2021-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-directory-listing-travel-wordpress-theme-1610-missing-authorization-to-privilege-escalation-via-unauthenticated-arbitrary-user-password-change</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aparat/aparat-171-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-hero/slider-hero-820-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-161-unauthenticated-sql-injection</loc>
<lastmod>2020-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-783-sensitive-information-exposure-via-exposed-hubspot-api-keys</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medibazar/multiple-themes-by-klbtheme-various-versions-cross-site-request-forgery</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-371-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crayon-syntax-highlighter/crayon-syntax-highlighter-2610-directory-traversal</loc>
<lastmod>2015-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnelkit-funnel-builder-for-woocommerce-checkout-31501-unauthenticated-sql-injection</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/server-status-by-hostnameip/server-status-by-hostnameip-46-sql-injection</loc>
<lastmod>2019-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unitravel/unitravel-142-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-893-access-bypass-control</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wm-options-import-export/wm-options-import-export-101-unauthenticated-information-exposure</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-role-change/bulk-change-role-11-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payplus-payment-gateway/payplus-payment-gateway-707-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-121-authenticated-subscriber-stored-cross-site-scripting-via-yrc_langvideos</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-progress-bar/responsive-progress-bar-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:16:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-user-profile/simple-user-profile-19-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-571-authenticated-contributor-sql-injection</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplesamlphp-authentication/simplesamlphp-authentication-070-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T20:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1321-reflected-cross-site-scripting</loc>
<lastmod>2022-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-carousel-slider-for-woocommerce/woocommerce-product-carousel-slider-335-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sastra-essential-addons-for-elementor/spexo-addons-for-elementor-1023-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2025-08-23T16:25:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-views-count/page-view-count-280-284-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-unishippers-edition/ltl-freight-quotes-unishippers-edition-258-missing-authorization</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ilc-thickbox/ilc-thickbox-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-classified-ads-business-directory-plugin-404-unauthenticated-settings-exposure</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/threepress/threepress-171-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opt-in-panda/onepress-opt-in-panda-262-missing-authorization-on-ajax-actions</loc>
<lastmod>2022-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wrc-pricing-tables/wrc-pricing-tables-234-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idraw/i-draw-10-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wordpress-shortcodes-plugin-shortcodes-ultimate-500-authenticated-remote-code-execution</loc>
<lastmod>2017-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-0112-cross-site-request-forgery-to-welcome-popup-update</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clevernode-related-content/clevernode-related-content-115-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-news-editors-picks-news-feeds/google-news-editors-picks-feed-generator-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik/estatik-431-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-classified-ads-business-directory-plugin-30103-missing-authorization-to-authenticated-subscriber-arbitrary-attachment-deletion</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-480-authenticated-contributor-stored-cross-site-scripting-via-raw-content</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-best-wordpress-popup-plugin-436-missing-authorization-to-information-exposure</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-65054-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream/stream-392-cross-site-request-forgery</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/naver-analytics/naver-analytics-09-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-plus-for-woocommerce-724-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-278-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-303-authenticatededitor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-157-authenticated-contributor-stored-cross-site-scripting-via-moo_receipt_link-shortcode</loc>
<lastmod>2024-10-14T19:57:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-image-gallery/easy-image-gallery-153-authenticated-contributor-stored-cross-site-scripting-via-gallery-shortcode-post-meta</loc>
<lastmod>2026-03-20T15:17:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobzilla/jobzilla-job-board-wordpress-theme-20-cross-site-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glasses-for-woocommerce/chatgpt-open-ai-images-content-for-woocommerce-220-reflected-cross-site-scipting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-383-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hal/hal-211-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.4/wordpress-core-442-open-redirect-via-wp_validate_redirect</loc>
<lastmod>2016-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-25102-authenticated-author-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-user-profile-user-registration-forms-390-insecure-password-reset-mechanism</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-album-gallery/album-gallery-wordpress-gallery-157-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-sales-tax/taxcloud-for-woocommerce-838-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6020-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-235-missing-authorization-to-unauthenticated-arbitrary-file-sharing-via-file_id-parameter</loc>
<lastmod>2026-01-27T21:50:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wn-flipbox-pro/wn-flipbox-pro-21-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xsmart/xsmart-1294-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5141-cross-site-request-forgery-via-ts_reset_tracking_setting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-simple-subscriptions/super-simple-subscriptions-110-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-6105-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-764-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-customizer-for-woocommerce-with-drag-drop-builder/woomail-woocommerce-email-customizer-3034-authenticated-subscriber-missing-authorization-to-sql-injection</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-support-system/ilghera-support-system-for-woocommerce-126-missing-authorization-to-authenticated-subscriber-arbitrary-ticket-deletion</loc>
<lastmod>2026-01-05T15:05:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taxonomy-filter/taxonomy-filter-229-cross-site-request-forgery-via-taxonomy_filter_save_main_settings</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/angwp/adning-advertising-155-unauthenticated-arbitrary-file-deletion-via-path-traversal</loc>
<lastmod>2020-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autolisticle-automatically-update-numbered-list-articles/autolisticle-automatically-update-numbered-list-articles-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anthologize/anthologize-080-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/avante/avante-305-reflected-cross-site-scripting</loc>
<lastmod>2026-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-cf7-database/peprodev-cf7-database-180-cross-site-request-forgery</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-carousel-free/wp-carousel-free-2710-authenticated-contributor-stored-cross-site-scripting-via-data-caption-attribute</loc>
<lastmod>2026-05-04T15:01:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-and-restore-for-wp/backup-and-restore-plugin-wordpress-103-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-logic/plugin-logic-107-authenticated-administrator-sql-injection</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-engage-217-cross-site-scripting</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-ptb/post-type-builder-210-reflected-cross-site-scripting</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-authenticated-contributor-stored-xss-3107-authenticated-contributor-stored-cross-site-scripting-via-event-calendar-widget</loc>
<lastmod>2024-05-15T20:30:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-widget-area/custom-widget-area-125-missing-authorization-to-authenticated-subscriber-menu-alteration</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/wordpress-classifieds-plugin-ad-directory-listings-by-awp-classifieds-20-arbitrary-file-upload</loc>
<lastmod>2012-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/euro-fxref-currency-converter/euro-fxref-currency-converter-202-authenticated-contributor-stored-cross-site-scripting-via-currency-shortcode</loc>
<lastmod>2025-06-19T19:52:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-554-cross-site-request-forgery-to-poll-duplication</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-245-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-html-sitemap/wp-html-sitemap-12-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melipayamak/melipayamak-2212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proofreading/proofreading-11-reflected-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/light-poll/light-poll-100-cross-site-request-forgery-to-poll-deletion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-68-authenticated-subscriber-stored-cross-site-scripting-via-profile-signatures</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fl3r-feelbox/fl3r-feelbox-81-unauthenticated-sql-injection</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defender-security/defender-security-246-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/project-honey-pot-spam-trap/project-honey-pot-spam-trap-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T20:09:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkmyposts/link-my-posts-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-742-insecure-direct-object-references</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-buttons/animated-buttons-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-20T20:30:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-generation/button-generator-easily-button-builder-232-cross-site-request-forgery</loc>
<lastmod>2021-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avartan-slider-lite/avartan-slider-lite-153-reflected-cross-site-scripting-via-asview-nouce</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-security-firewall-malware-scan-7113-reflected-cross-site-scripting-and-information-disclosure</loc>
<lastmod>2018-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2019-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kama-clic-counter/kama-click-counter-349-blind-sql-injection</loc>
<lastmod>2017-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ssl-zen/ssl-zen-free-let039s-encrypt-ssl-certificate-httpsssl-redirect-wordpress-plugin-450-sensitive-information-exposure</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complete-google-seo-scan/complete-google-seo-scan-351-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-special-characters/semver-regex-313-and-400-403-regular-expression-denial-of-service-redos</loc>
<lastmod>2022-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aria-font/aria-font-14-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3267-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-ultimate/team-showcase-and-slider-team-members-builder-13-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-and-user-login-4603-authenticated-settings-import-to-privilege-escalation</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portable-phpmyadmin/portable-phpmyadmin-130-authentication-bypass</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/electric-studio-client-login/electric-studio-client-login-081-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-delete-posts/duplicate-post-wordpress-plugin-119-sql-injection</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svs-pricing-tables/svs-pricing-tables-104-cross-site-request-forgery-to-pricing-table-deletion</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-369-cross-site-request-forgery</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/printy/printy-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6311-reflected-cross-site-scripting</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-202-unauthenticated-arbitrary-options-update</loc>
<lastmod>2022-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1206-unauthenticated-price-manipulation</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appexperts/appexperts-145-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-team-manager/custom-team-manager-242-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ksher-payment/ksher-111-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-free-and-pro-5810-to-5125-600-to-615-reflected-cross-site-scripting-via-post_status</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booktics/booktics-1016-missing-authorization</loc>
<lastmod>2026-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/droit-elementor-addons/droit-elementor-addons-315-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-170-authentication-bypass-to-account-takeover</loc>
<lastmod>2025-06-02T16:21:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/deep-blue/deep-blue-192-arbitrary-file-upload</loc>
<lastmod>2018-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-1106-settings-update-to-stored-cross-site-scripting</loc>
<lastmod>2021-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-cmplz_duplicate_cookiebanner</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-microblogs/wp-microblogs-040-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bookory/bookory-227-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-sendinblue/smtp-for-sendinblue-yaysmtp-12-unauthenticated-stored-cross-site-scripting-via-email-logs</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-svg/support-svg-100-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eros/eros-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-wordpress-event-ticketing-3564-missing-authorization-to-authenticated-subscriber-eventpost-status-update</loc>
<lastmod>2026-02-17T16:41:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnishop/omnishop-109-cross-site-request-forgery-to-arbitrary-user-deletion-via-usersdelete-rest-endpoint</loc>
<lastmod>2025-07-22T14:02:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/first-graders-toolbox/1-click-disable-all-101-cross-site-request-forgery</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-410-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bg-patriarchia-bu/bg-patriarchia-bu-223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wh-cache-and-security/wh-cache-security-112-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-user-enumeration/stop-user-enumeration-134-username-enumeration-bypasses</loc>
<lastmod>2017-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vietnam-checkout/woocommerce-vietnam-checkout-204-reflected-cross-site-scripting</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-by-feedify/feedify-web-push-notifications-218-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-as-customer-or-user/login-as-user-or-customer-18-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-stream-design/wp-social-stream-designer-13-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-11T14:35:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-sheets/time-sheets-1292-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-231-captcha-bypass</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-2433-reflected-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/diary-availability-calendar/diary-availability-calendar-103-authenticated-subscriber-sql-injection</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/heartstar/heartstar-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-business-intelligence-lite/wp-business-intelligence-lite-162-sql-injection</loc>
<lastmod>2015-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jw-player-plugin-for-wordpress/jw-player-for-flash-html5-video-214-cross-site-request-forgery-leading-to-player-deletion</loc>
<lastmod>2014-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-230211-missing-authorization</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-210-sql-injection</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-ai-powered-travel-booking-hotel-booking-car-rental-wordpress-plugin-2225-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-auto-update/companion-auto-update-320-local-file-inclusion</loc>
<lastmod>2018-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixfields/pixfields-070-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatesnext-toolkit/templatesnext-toolkit-327-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erident-custom-login-and-dashboard/erident-custom-login-and-dashboard-341-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-pro-1915-sql-injection-via-option_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-bookings-premium/gravity-forms-booking-271-authenticated-subscriber-time-based-sql-injection-via-staff_id</loc>
<lastmod>2026-06-24T15:22:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3234-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/curvo/curvo-theme-all-known-versions-cross-site-request-forgery-and-arbitrary-file-upload</loc>
<lastmod>2013-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/innovs-hr-manager/innovs-hr-complete-human-resource-management-system-for-your-business-1034-cross-site-request-forgery</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-manager/checkout-field-manager-checkout-manager-for-woocommerce-781-unauthenticated-limited-file-upload</loc>
<lastmod>2026-02-18T15:22:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clasify-classified-listing/clasify-classified-listing-107-reflected-cross-site-scripting</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-log/link-log-external-link-click-monitor-21-sql-injection</loc>
<lastmod>2015-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/widgetkit-254-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-128-sensitive-information-exposure</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmaster-tools/webmaster-tools-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-planzer-shipping/shipping-via-planzer-for-woocommerce-1025-reflected-cross-site-scripting-via-processed-ids</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phpls/phplist-subber-11-cross-site-request-forgery</loc>
<lastmod>2025-09-10T19:04:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-button/shortcode-button-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T19:36:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-notification/simple-notification-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-04T19:19:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thecartpress/thecartpress-ecommerce-shopping-cart-1536-directory-traversal</loc>
<lastmod>2015-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-posts-to-subscribers/email-posts-to-subscribers-62-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laser/laser-111-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-ticker/stock-ticker-3230-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery-with-slideshow/image-gallery-with-slideshow-plugin-152-blind-sql-injection-via-imgid</loc>
<lastmod>2017-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wordpress-4402-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-sync-master-sheet/sync-master-sheet-product-sync-with-google-sheet-for-woocommerce-113-missing-authorization</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-data-access/wp-data-access-5536-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realty-portal/realty-portal-041-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-11-20T19:23:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-staging/content-staging-201-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-extended/embed-extended-embed-maps-videos-websites-source-codes-and-more-140-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-1513-cross-site-request-forgery</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hover-effects/hover-effects-easily-create-any-hover-effect-21-authenticated-local-file-inclusion</loc>
<lastmod>2022-05-16T12:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bus-booking-manager/multipurpose-ticket-booking-manager-422-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crumber-elementor/crumber-1010-missing-authorization</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-products-widgets-for-elementor/woo-products-widgets-for-elementor-204-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-the-code/copy-anything-to-clipboard-264-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-3230-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopp/shopp-14-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2021-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-online/applyonline-262-unauthenticated-application-disclosure</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-circle-progress-bar/cc-circle-progress-bar-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fluer/fleur-20-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rockhoist-ratings/rockhoist-ratings-123-sql-injection</loc>
<lastmod>2018-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antibots/stop-and-block-bots-plugin-anti-bots-148-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-217-cross-site-request-forgery</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-post-submission-manager-lite/frontend-post-submission-manager-lite-frontend-posting-wordpress-plugin-122-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-09-05T18:13:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/wordpress-tour-travel-booking-plugin-for-woocommerce-wptravelly-171-missing-authorization-via-ttbm_new_place_save</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-114-unauthenticated-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-boards/fluentboards-1911-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailpress/mailpress-721-cross-site-request-forgery</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-pricing-woocommerce/quantity-dynamic-pricing-bulk-discounts-for-woocommerce-380-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T14:03:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divebook/divebook-114-reflected-cross-site-scripting</loc>
<lastmod>2020-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adifier-system/adifier-system-314-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-regenerate-select-crop/image-regenerate-select-crop-710-cross-site-request-forgery-on-multiple-ajax-actions</loc>
<lastmod>2023-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colorlib-coming-soon-maintenance/coming-soon-maintenance-mode-by-colorlib-1098-administrator-cross-site-scripting</loc>
<lastmod>2022-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-social-network-membership-registration-user-profiles-6450-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-09T19:04:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-3729-reflected-cross-site-scripting</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-10961-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/post-grid-gutenberg-blocks-for-news-magazines-blog-websites-postx-503-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-12-20T14:15:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-max-ips-per-user/limit-max-ips-per-user-15-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-1511-missing-authorization-to-authenticated-subscriber-sensitive-information-disclosure-via-forminator_action-parameter</loc>
<lastmod>2026-05-06T12:50:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-420-cross-site-request-forgery-via-review_nag_check</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-contact-form/quick-contact-form-825-cross-site-request-forgery</loc>
<lastmod>2025-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-breadcrumbs/sb-breadcrumbs-10-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-62-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vipergb/wp-vipergb-161-cross-site-request-forgery</loc>
<lastmod>2024-05-23T14:23:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/organic-beauty/organic-beauty-146-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.2/wordpress-core-121-cross-site-scripting</loc>
<lastmod>2004-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pt-elementor-addons-lite/appsero-120-cross-site-request-forgery</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-media-icon/social-media-flying-icons-floating-social-media-icon-435-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-27T08:17:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-711-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2024-05-31T14:21:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doliconnect/doliconnect-957-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-pay/wp-easypay-404-reflected-cross-site-scripting</loc>
<lastmod>2023-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remote-images-grabber/remote-images-grabber-06-reflected-cross-site-scripting</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eptonic/eptonic-14-arbitrary-file-upload</loc>
<lastmod>2013-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-number-counters/animated-number-counters-16-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshmail-integration/freshmail-for-wordpress-232-reflected-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-catalog-enquiry/product-catalog-mode-for-woocommerce-502-missing-authorization</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-sms/persian-woocommerce-sms-702-reflected-cross-site-scripting</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpide/wpide-349-unauthenticated-full-path-dislcosure</loc>
<lastmod>2024-10-14T10:52:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-867-authenticated-contributor-stored-cross-site-scripting-via-pcsml_smartlists_h</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-toolbar/wordpress-toolbar-plugin-226-open-redirect-via-wptbto</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/refer-a-friend-widget-for-wp/wordpress-invitebox-plugin-141-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-video-gallery-with-lightbox/video-carousel-slider-with-lightbox-1022-reflected-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geoip-detect/geolocation-ip-detection-550-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tariffuxx/tariffuxx-14-authenticated-contributor-sql-injection-via-tariffuxx_configurator-shortcode</loc>
<lastmod>2025-10-14T20:00:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chroma/chroma-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-726-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-switch/wp-user-switch-102-authenticated-subscriber-authentication-bypass-via-cookie</loc>
<lastmod>2023-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-getresponse-extension/contact-form-7-getresponse-extension-108-unauthenticated-information-exposure</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdesignkit/wdesignkit-elementor-gutenberg-starter-templates-patterns-cloud-workspace-widget-builder-1216-missing-authentication-via-wdkit_handle_review_submission-function</loc>
<lastmod>2025-10-03T14:09:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-dropshipping/woocommerce-dropshipping-504-missing-authorization-to-unauthenticated-arbitrary-email-send</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-affiliate-links/easy-affiliate-links-373-missing-authorization-to-authenticated-subscriber-settings-reset</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-blocks/cp-blocks-1014-authenticated-stored-cross-site-scripting-via-license-id-settings</loc>
<lastmod>2022-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide-anything/slide-anything-responsive-content-html-slider-and-carousel-2343-editor-cross-site-scripting</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-1995-unauthenticated-arbitrary-directory-deletion</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-cookie-banner/real-cookie-banner-349-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-260-missing-authorization</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-wordpress-backup-plugin-141-directory-traversal</loc>
<lastmod>2011-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi/relevanssi-a-better-search-338-cross-site-scripting</loc>
<lastmod>2015-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turitop-booking-system/turitop-booking-system-1010-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-social-login/wordpress-social-login-304-reflected-cross-site-scripting</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse-news/gutenverse-news-104-authenticated-contributor-stored-cross-site-scripting-via-elementid-parameter</loc>
<lastmod>2025-06-18T21:18:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-plugin-381-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2014-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nooz/nooz-160-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-910-race-condition-to-remote-code-execution</loc>
<lastmod>2018-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdb-to-sql/wpdb-to-sql-12-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-2114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-add-media-from-url/lh-add-media-from-url-122-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-514-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-355-unauthenticated-sql-injection</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundrise-music/soundrise-music-17-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vidorev-extensions/vidorev-extensions-2999995-missing-authorization-to-unauthenticated-youtube-video-import</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-vector-icon-plugin/wp-svg-icons-322-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2019-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-241258-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtcaptcha/mtcaptcha-wordpress-plugin-272-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-06T19:35:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rootspersona/rootspersona-375-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blaze/blaze-theme-all-versions-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration-calendar-by-vcita/event-registration-calendar-by-vcita-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T19:01:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-120713-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-postratings/wp-postratings-186-cross-site-scripting</loc>
<lastmod>2020-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-yearly-archive/simple-yearly-archive-218-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/health-check/health-check-troubleshooting-151-cross-site-request-forgery-via-health_check_troubleshoot_get_captures</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-elementor-addons/better-elementor-addons-141-authenticatedcontributor-stored-cross-site-scripting-via-widget-links</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-62612-cross-site-request-forgery</loc>
<lastmod>2025-09-25T13:34:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-anti-spam/maspik-spam-blacklist-092-unauthenticated-stored-cross-site-scripting-via-efas_add_to_log</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post/duplicate-post-323-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-slides/post-slides-101-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-1032-missing-authorization</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-table-for-woocommerce/product-table-for-woocommerce-124-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-the-ultimate-help-desk-support-plugin-288-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acumbamail-signup-forms/acumbamail-1041-sensitive-information-disclosure</loc>
<lastmod>2014-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codebard-help-desk/codebard-help-desk-111-cross-site-request-forgery</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memphis-documents-library/memphis-documents-library-2616-cross-site-scripting</loc>
<lastmod>2014-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kanpress/kanpress-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/google-calendar-events-359-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-database-tables/custom-database-tables-2134-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podclankova-inzerce/podlnkov-inzerce-240-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/repute-arforms-351-unauthenticated-arbitrary-file-deletion-via-path-traversal</loc>
<lastmod>2018-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uploadify-integration/uploadify-integration-097-reflected-cross-site-scripting</loc>
<lastmod>2012-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-209-cross-site-scripting</loc>
<lastmod>2007-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0859-local-file-inclusion</loc>
<lastmod>2016-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/court-reservation/court-reservation-manage-your-court-bookings-online-1109-cross-site-request-forgery</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-205-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-320-cross-site-request-forgery</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popular-posts/wordpress-popular-posts-533-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-04T20:59:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wp-backup-migration-plugin-1264-free-2265-premium-unauthenticated-authentication-bypass-via-updraftcentral-udrpc</loc>
<lastmod>2026-06-10T16:41:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-297-missing-authorization-to-information-exposure</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-guardian-news-feed/the-guardian-news-feed-12-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-manager/wp-simple-pay-lite-manager-14-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-218-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugnedit/plugnedit-adaptive-editor-620-cross-site-request-forgery-leading-to-stored-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-crm-forms/zoho-crm-lead-magnet-1691-reflected-cross-site-scripting</loc>
<lastmod>2019-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedwordpress/feedwordpress-20150426-cross-site-scripting</loc>
<lastmod>2015-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/property-hive-222-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-free-version-103025-unauthenticated-arbitrary-file-read-via-booking-file-field-path-traversal</loc>
<lastmod>2026-05-01T21:28:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer/loginizer-135-cross-site-request-forgery</loc>
<lastmod>2017-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-653-csv-injection</loc>
<lastmod>2020-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-308-unauthenticated-php-object-injection</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoracer/photoracer-plugin-10-sql-injection</loc>
<lastmod>2009-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vdz-google-analytics/vdz-google-analytics-or-google-tag-manager-149-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogstand-smart-banner/blogstand-banner-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashing-memberships/dashing-memberships-11-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breakdance/breakdance-170-authenticatedcontributor-stored-cross-site-scripting-via-custom-postmeta</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copify/copify-130-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-1436-sql-injection</loc>
<lastmod>2015-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-206-information-disclosure-modification-and-denial-of-service</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-38143-missing-authorization</loc>
<lastmod>2014-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooshark-woocommerce-dropshipping/dropshipping-and-affiliates-for-amazon-and-woocommerce-143-missing-authorization</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metadata-seo/metadata-seo-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-floating-content-lite/advanced-floating-content-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-30-cross-site-request-forgery</loc>
<lastmod>2018-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-survey/perfect-survey-152-unauthenticated-stored-cross-site-scripting-via-ip</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mmx-make-me-christmas/mmx-8211-make-me-christmas-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerfy/careerfy-70-cross-site-request-forgery-and-missing-authorization</loc>
<lastmod>2021-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-and-tickets-selling-for-woocommerce-358-sql-injection</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-drag-drop-wordpress-form-builder-to-create-style-and-embed-multiple-forms-of-any-complexity-11217-missing-authorization-to-authenticated-subscriber-arbitrary-file-deletion-via-surveyjs_deletefile</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddystream/buddystream-362-reflected-cross-site-scripting</loc>
<lastmod>2012-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1271-cross-site-request-forgery</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-memberships-groups-and-communities-510-reflected-cross-site-scripting</loc>
<lastmod>2022-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syntaxhighlighter/syntaxhighlighter-evolved-351-stored-cross-site-scripting</loc>
<lastmod>2019-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aawp/amazon-affiliate-3122-reflected-file-download</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-2512-sql-injection</loc>
<lastmod>2015-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/morning-records/morning-records-music-sound-studio-wordpress-theme-12-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invite-anyone/invite-anyone-1316-email-injection</loc>
<lastmod>2017-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/diza/diza-1315-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-url/pretty-url-154-cross-site-request-forgery</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-custom-fields/smart-custom-fields-422-missing-authorization-to-authenticated-subscriber-post-content-disclosure</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
</urlset>
