<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b2i-investor-tools/b2i-investor-tools-1079-reflected-cross-site-scripting</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-contact/clean-contact-16-cross-site-request-forgery</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-management-for-woocommerce/woocommerce-category-banner-management-251-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastspring/fastspring-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T18:08:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-6920-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-249-authenticated-subscriber-arbitrary-file-deletion-via-resume-custom-file-field</loc>
<lastmod>2026-03-25T10:39:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exact-links/url-shortener-307-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3624-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-1627-authenticated-subscriber-stored-cross-site-scripting-via-hidden-field-value-via-rest-api</loc>
<lastmod>2026-03-10T17:12:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multi-currency/multi-currency-for-woocommerce-155-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ignition/multiple-thrive-themes-200-arbitrary-file-upload</loc>
<lastmod>2021-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joy-of-text/joy-of-text-lite-231-cross-site-request-forgery</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snowy/snowy-113-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-ticker/stock-ticker-3261-authenticated-administrator-stored-cross-site-scripting-via-template</loc>
<lastmod>2026-03-06T11:30:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-click-migration/1-click-wordpress-migration-plugin-100-free-for-a-limited-time-22-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-05-08T18:08:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colormag/colormag-312-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nutrie/nutrie-201-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-203-cross-site-scripting-via-search-parameter</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-571-unauthenticated-arbitrary-password-reset-to-privilege-escalation</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pardot/pardot-210-missing-authorization</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-banner/mobile-banner-15-cross-site-request-forgery-leading-to-plugin-settings-changes</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hellofollowers/hello-followers-25-reflected-cross-site-scripting</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thumbs-rating/thumbs-rating-510-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dwnldr/dwnldr-101-cross-site-scripting</loc>
<lastmod>2016-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-counter/simple-download-counter-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-535-unauthenticated-stored-cross-site-scripting-via-fh</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup-plugin/simple-popup-46-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20238-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clink/clink-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bus-ticket-booking-with-seat-reservation/bus-ticket-booking-with-seat-reservation-525-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theperfectweddingnl-widget/theperfectweddingnl-widget-28-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:38:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navigation-du-lapin-blanc/navigation-du-lapin-blanc-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/contact-form-lead-form-elementor-builder-174-arbitrary-settings-change</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/injob/injob-multi-features-for-recruitment-wordpress-theme-338-cross-site-scripting</loc>
<lastmod>2019-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotlight-social-photo-feeds-premium/spotlight-social-media-feeds-premium-171-unauthenticated-information-exposure</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3633-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codebard-help-desk/codebard-help-desk-112-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithoughts-advanced-code-editor/ithoughts-advanced-code-editor-1210-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-07-23T20:45:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-2010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/cookie-consent-for-wp-cookie-consent-consent-log-cookie-scanner-script-blocker-for-gdpr-ccpa-eprivacy-365-missing-authorization-to-authenticated-subscriber-whitelist-script</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cachecom/wp-cachecom-111-cross-site-request-forgery</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-contact-us/ai-contact-us-form-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows/woocommerce-checkout-funnel-builder-by-cartflows-create-high-converting-stores-for-woocommerce-207-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-4412-cross-site-request-forgery-to-page-creation</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2692-authenticated-contributor-stored-cross-site-scripting-via-infobox</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auyautochat-for-wp/autochat-automatic-conversation-119-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wats/wordpress-advanced-ticket-system-elite-support-helpdesk-1063-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-pop-up-banners/cm-pop-up-banners-1410-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-frontend-file-upload-form-secure-file-sharing-1758-authenticated-contributor-arbitrary-file-download</loc>
<lastmod>2026-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-741-stored-cross-site-scripting</loc>
<lastmod>2021-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-custom-reports/cm-custom-reports-127-reflected-cross-site-scripting-via-date_from-and-date_to-parameters</loc>
<lastmod>2026-03-06T11:33:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3319-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/threewp-broadcast/broadcast-5101-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T16:00:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-content/private-content-8115-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/organization-chart/organization-chart-175-cross-site-request-forgery</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-183-authenticatedsubscriber-server-side-request-forgery</loc>
<lastmod>2023-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toast-stick-anything/sticky-anything-215-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vayvo-progression/vayvo-68-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fruitcake-horsemanager/horsemanager-13-authenticated-contributor-sql-injection</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-buttons-by-supsystic/social-share-buttons-by-supsystic-226-sql-injection</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-renamer-extended/admin-renamer-extended-321-cross-site-request-forgery</loc>
<lastmod>2019-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulp-duplicate-post-sql-timebased/indeed-ultimate-learning-pro-39-authenticated-administrator-sql-injection-via-post_id-parameter</loc>
<lastmod>2025-02-20T21:27:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-to-json/form-to-json-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lockerpress-wordpress-security/lockerpress-wordpress-security-plugin-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:32:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-287-missing-authorization-to-information-disclosure-sd_option_value</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugins-list/plugins-list-25-authenticated-author-stored-cross-site-scripting-via-replace_plugin_list_tags</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminpad/adminpad-21-cross-site-request-forgery</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-308-authenticated-author-privilege-escalation</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mergado-marketing-pack/mergado-pack-411-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notification-for-telegram/notification-for-telegram-351-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-wordpress-affiliate-plugin-354-missing-authorization-via-atkp_create_list</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberful-wp/memberful-membership-plugin-1737-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-social-sharing-icons-285-information-exposure</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-442-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genzel-breadcrumbs/genzel-breadcrumbs-12-cross-site-request-forgery-to-settings-update-via-plugin-settings-page</loc>
<lastmod>2026-05-26T17:21:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-cards-lite/ultimate-gift-cards-for-woocommerce-314-authenticated-administrator-sql-injection-via-wps_wgm_save_post-function</loc>
<lastmod>2025-06-02T19:33:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mayosis-core/mayosis-core-547-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.3/wordpress-core-15-231-authorization-bypass</loc>
<lastmod>2007-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-11119-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-535-authenticated-cross-site-scripting</loc>
<lastmod>2016-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-mail/smtp-mail-1114-reflected-cross-site-scripting</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wbc907-core/wbc907-core-341-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-feed-pro/feeds-for-youtube-pro-260-unauthenticated-arbitrary-file-read-via-path-traversal</loc>
<lastmod>2026-01-16T14:01:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accept-authorize-net-payments-using-contact-form-7/accept-authorizenet-payments-using-contact-form-7-25-unauthenticated-information-exposure</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-2936-2942-php-object-injection</loc>
<lastmod>2016-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1290-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/most-and-least-read-posts-widget/most-and-least-read-posts-widget-2516-authenticatedcontributor-sql-injection-via-widget-settings</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a2z-fedex-shipping/automated-fedex-livemanual-rates-with-shipping-labels-hpos-supported-518-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-survey/modal-survey-20201-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-salesiq/zoho-salesiq-108-stored-cross-site-scripting</loc>
<lastmod>2019-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-maps/10web-map-builder-for-google-maps-1069-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-3245-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-recipe/penci-recipe-41-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-414-sql-injection</loc>
<lastmod>2020-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/picture-gallery/picture-gallery-frontend-image-uploads-ajax-photo-list-143-cross-site-scripting</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5957-reflected-cross-site-scripting</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-516-disabled-membership-registration-bypass</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner-pro/advanced-database-cleaner-pro-3210-authenticated-subscriber-limited-path-traversal</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-469-insufficient-authorization-to-arbitrary-options-update-via-fpd_update_options</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaguemanager/leaguemanager-381-sql-injection</loc>
<lastmod>2013-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table/easy-table-16-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2017-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-poster/fs-poster-658-missing-authorization</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-the-gathering-card-tooltips/magic-the-gathering-card-tooltips-350-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ald-login-page/ald-login-page-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-423-missing-authorization-to-information-exposure</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-velocity-minify/fast-velocity-minify-276-full-path-disclosure</loc>
<lastmod>2019-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversational-forms/conversational-forms-for-chatbot-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iats-online-forms/iats-online-forms-12-authenticated-contributor-sql-injection-via-order-parameter</loc>
<lastmod>2025-08-28T15:44:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevant/relevant-related-featured-latest-and-popular-posts-by-bestwebsoft-120-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onepress/onepress-2314-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3117-missing-authorization-to-unauthenticated-media-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cits-support-svg-webp-media-upload/cits-support-svg-webp-media-and-ttfotf-file-upload-use-custom-fonts-42-cross-site-request-forgery-to-font-assignment-deletion</loc>
<lastmod>2025-03-21T18:04:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-book-price/woocommerce-book-price-13-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-collapse-o-matic/collapse-o-matic-1855-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-visited-countries-reloaded/wp-visited-countries-reloaded-310-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-testimonial/b-testimonial-testimonial-plugin-for-wp-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-45-server-side-request-forgery</loc>
<lastmod>2016-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-99501-information-exposure</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/specialist/specialist-unspecified-version-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2014-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feeds-for-youtube/feeds-for-youtube-240-missing-authorization</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-2820-cross-site-request-forgery</loc>
<lastmod>2025-09-25T14:44:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/musicplace/sound-musical-instruments-online-store-169-unauthenticated-php-object-injection</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faces-of-users/faces-of-users-003-authenticated-contributor-stored-cross-site-scripting-via-default-shortcode-attribute</loc>
<lastmod>2026-05-19T12:03:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/quanzo/quanzo-creative-portfolio-template-kit-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-language-translator/google-language-translator-409-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bakkbone-florist-companion/floristpress-for-woo-782-reflected-cross-site-scripting-via-noresults-parameter</loc>
<lastmod>2026-03-25T14:09:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elemin/elemin-143-arbitrary-file-upload</loc>
<lastmod>2013-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-639-missing-authorization-via-dispatch</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3104-authenticated-contributor-stored-cross-site-scripting-via-page-title-html-tag</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced-shortcode/file-manager-advanced-shortcode-wordpress-232-unauthenticated-arbitrary-file-upload-to-remote-code-execution-via-shortcode</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgo-power-charts-lite/power-charts-010-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-04-14T19:45:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wp-simple-shopping-cart-463-information-disclosure</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitpay-checkout-for-woocommerce/bitpay-checkout-for-woocommerce-410-missing-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customizer-login-page/login-page-customizer-customizer-login-page-admin-page-custom-design-211-missing-authorization</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6736-authenticated-contributor-arbitrary-file-read-via-used_svg-and-used_images</loc>
<lastmod>2025-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/esme/esme-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-elementor/ultimate-addons-for-elementor-13620-authenticated-contributor-privilege-escalation</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandconference/grand-conference-52-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-4024-improper-access-control-to-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-213-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/png-to-jpg/png-to-jpg-58-cross-site-request-forgery-leading-to-stored-cross-site-scripting</loc>
<lastmod>2022-05-06T13:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/af-companion/af-companion-112-cross-site-request-forgery</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magee-shortcodes/magee-shortcodes-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/endomondowp/endomondowp-011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-731-unauthenticated-sql-injection-via-orderby-parameter</loc>
<lastmod>2025-01-21T22:24:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3154-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-363-authenticated-administrator-path-traversal</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-44-cross-site-request-forgery-via-save_config</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-403-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpt-to-map-store/custom-post-type-to-map-store-110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-task-manager/accessibility-task-manager-121-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schedula-smart-appointment-booking/schedula-10-missing-authorization</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-paper-collapse-toggle/master-paper-collapse-toggle-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jiangqie-free-mini-program/jiangqie-free-mini-program-252-unauthenticated-arbitrary-file-uplaod</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator-le/store-locator-plus-4227-email-injection</loc>
<lastmod>2015-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realhomes-crm/real-homes-crm-100-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-152-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01083-cross-site-request-forgery-to-local-file-inclusion</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buttons-shortcode-and-widget/buttons-shortcode-and-widget-116-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scan-external-links/scan-external-links-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ect-add-to-cart-button/ect-add-to-cart-button-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-for-japan/japanized-for-woocommerce-256-reflected-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12018-authenticated-administrator-php-object-injection</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-1548-reflected-cross-site-scripting-via-date_post_id</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/galleria/galleria-103-cross-site-request-forgery-via-showoptionspage</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiebot/cookiebot-by-usercentrics-automatic-cookie-banner-for-gdprccpa-google-consent-mode-464-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/migrate-shopify-to-woocommerce/shopify-to-woocommerce-migration-130-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1095-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-2117-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-warning/cookie-warning-13-cross-site-request-forgery</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-maintenance-mode/smart-maintenance-mode-152-reflected-cross-site-scripting-via-setstatus-parameter</loc>
<lastmod>2025-03-25T14:11:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-profile-shortcodes-extra/bp-profile-shortcodes-extra-252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dailydeal/daily-deal-unknown-versions-arbitrary-file-upload</loc>
<lastmod>2013-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-4145-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7310-sensitive-information-disclosure</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-author-image/easy-author-image-17-authenticated-subscriber-stored-cross-site-scripting-via-profile-picture-url</loc>
<lastmod>2026-02-18T15:53:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/barberry/barberry-29987-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-smart-social-widget/meks-smart-social-widget-16-missing-authorization-to-notice-dimissal</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-2136-authenticated-admin-sql-injection-via-coating_text</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-330-stored-cross-site-scripting</loc>
<lastmod>2019-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-99-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fb-autoconnect/wp-fb-autoconnect-461-cross-site-request-forgery-via-jfb_admin_page</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-wp/affiliatewp-2140-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-activation</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rabbit-hole/rabbit-hole-11-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2025-12-11T15:09:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-membership/exchange-addon-membership-130-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-368-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-532-cross-site-scripting</loc>
<lastmod>2016-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rehub-framework/rehub-framework-19994-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/wp-extended-3015-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-05-27T20:29:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/wp-all-import-pro-493-authenticated-administrator-server-side-request-forgery-via-file-import</loc>
<lastmod>2024-12-16T16:25:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-for-woocommerce/subscriptions-for-woocommerce-192-missing-authorization-to-unauthenticated-arbitrary-subscription-cancellation</loc>
<lastmod>2026-03-17T14:44:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listdom/listdom-ai-powered-business-directory-with-classifieds-ads-listings-540-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-woocommerce/products-order-customers-export-for-woocommerce-2010-reflected-cross-site-scripting-via-date-parameters</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sibs-woocommerce/sibs-woocommerce-220-authenticated-admin-sql-injection-via-referencedid-parameter</loc>
<lastmod>2026-02-03T19:30:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-opt-in/wp-opt-in-141-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-snippet-manager/content-snippet-manager-115-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-2137-missing-authorization-via-generate_ai_content</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171036-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-18T15:19:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1397-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-495-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-620-unauthenticated-csv-injection</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/online-scheduling-and-appointment-booking-system-bookly-270-unauthenticated-price-manipulation-via-tips</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-searchable-data-entry-system/custom-searchable-data-entry-system-171-sql-injection</loc>
<lastmod>2020-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-stored-cross-site-scripting-via-wp-mailphp</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elisqlreports/ez-sql-reports-shortcode-widget-and-db-backup-41113-52508-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-03-24T19:32:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livemesh-siteorigin-widgets/livemesh-siteorigin-widgets-391-authenticated-contributor-stored-cross-site-scripting-via-hero-header-and-pricing-table-widgets</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-toolbox-forums/website-toolbox-community-201-reflected-cross-site-scripting-via-websitetoolbox_username</loc>
<lastmod>2024-12-11T15:16:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-photo-gallery/3d-photo-gallery-13-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-20T15:03:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lote27/lote27-all-versions-arbitrary-file-download</loc>
<lastmod>2014-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-540-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-elementor-2691-missing-authorization-to-post-duplication</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-524-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs/tabs-accordion-1310-authenticated-contributor-content-injection</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pilotpress/pilotpress-2036-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-datos-lopd/proteccin-de-datos-rgpd-310-reflected-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-369-cross-site-scripting-via-field-label</loc>
<lastmod>2022-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-crm-401-authorization-bypass</loc>
<lastmod>2021-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2130-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointy-appointment-scheduler/appointy-appointment-scheduler-421-cross-site-request-forgery-to-settings-change</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-tag-list/advanced-tag-lists-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-video-importer/meks-video-importer-1012-missing-authorization-to-authenticated-subscriber-api-keys-modification</loc>
<lastmod>2024-07-17T12:58:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-booking-bundle-hours/woocommerce-booking-bundle-hours-074-cross-site-request-forgery</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-135-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-4615-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-55-unauthenticated-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-05-01T17:37:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugversions/plugversions-easily-rollback-to-previous-versions-of-your-plugins-007-missing-authorization-to-authenticated-subscriber-arbitrary-file-creation</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/wp-file-manager-70-reflected-cross-site-scripting</loc>
<lastmod>2021-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms/piotnet-forms-1030-authenticated-editor-path-traversal</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-4510-unprotected-ajax-actions</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bassein/bassein-1015-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-register-helper/custom-user-profile-fields-18-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wish-list-for-woocommerce-pro/wishlist-for-woocommerce-multi-wishlists-per-customer-pro-308-312-reflected-cross-site-scripting-via-wtab-parameter</loc>
<lastmod>2024-11-22T20:57:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recooty/recooty-106-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-27T21:48:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commercial-real-estate-valuation-calculator/valuation-calculator-132-authenticated-contributor-stored-cross-site-scripting-via-link-parameter</loc>
<lastmod>2025-07-22T14:01:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2164-missing-authorization-to-unauthenticated-arbitrary-member-subscription-auto-renewal</loc>
<lastmod>2025-11-04T14:36:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/militarology/militarology-1015-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-project-managment/simple-project-manager-122-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ace-user-management/ace-user-management-203-unauthenticated-privilege-escalation-via-password-reset</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-search-keyword-redirect/search-keyword-redirect-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-made-easy/events-made-easy-2235-subscriber-sql-injection</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/work-the-flow-file-upload/work-the-flow-file-upload-252-arbitrary-file-upload</loc>
<lastmod>2015-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pre-orders-for-woocommerce/pre-orders-for-woocommerce-1213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-vanilla/job-board-vanila-plugin-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T13:46:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dracula-dark-mode/dracula-dark-mode-the-revolutionary-dark-mode-plugin-for-wordpress-108-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-group-documents/bp-group-documents-12-stored-cross-site-scripting</loc>
<lastmod>2013-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcast-channels/podcast-channels-020-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/immotoolbox-connect/immotoolbox-connect-133-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-294-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/BuilderChild-Market/market-5127-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-or-move-comments/copy-or-move-comments-101-cross-site-scripting-and-sql-injection</loc>
<lastmod>2015-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-552-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reactflow-session-replay-heatmap/reactflow-visitor-recording-and-heatmaps-1010-reflected-cross-site-scripting</loc>
<lastmod>2024-12-20T18:46:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0941-arbitrary-code-execution-via-settings-import</loc>
<lastmod>2016-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-209-unauthenticated-openai-key-exposure</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-header-notification/wp-header-notification-127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-manager/contact-manager-91-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-1104-authenticated-shop-manager-directory-traversal</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aprils-super-functions-pack/aprils-super-functions-pack-147-reflected-cross-site-scripting</loc>
<lastmod>2014-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dbox-slider-lite/dbox-3d-slider-lite-122-sql-injection</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-shops-cart2/e-shops-103-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-336-cross-site-request-forgery</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-165-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-fields/magic-fields-1-171-cross-site-scripting-via-rccwp_createcustomfieldpagephp-custom-group-id-parameter</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trail-manager/trail-manager-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T20:38:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-membership-plugin-content-restriction-member-levels-user-profile-user-signup-4028-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-chatbot/my-chatbot-11-reflected-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2221-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clp-custom-login-page/clp-custom-login-page-by-niteothemes-155-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1209-authenticated-cross-site-scripting</loc>
<lastmod>2017-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-4112-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register-premium/pie-register-premium-3833-unauthenticated-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-faqs/ultimate-faq-1824-unauthenticated-options-importexport</loc>
<lastmod>2019-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-453-password-change-via-stolen-cookie</loc>
<lastmod>2016-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-352-unauthenticated-privilege-escalation</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-star-review/rate-star-review-vote-ajax-reviews-votes-star-ratings-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-security-scanner/plugin-security-scanner-202-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-featured-post-plugin/random-featured-post-113-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-white-label-branding-custom-login-page-customizer-3419-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-720727-reflected-cross-site-scripting</loc>
<lastmod>2018-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relocate-upload/relocate-upload-020-remote-file-inclusion</loc>
<lastmod>2011-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-base-booking-of-appointments-services-and-events/wp-base-booking-of-appointments-services-and-events-491-reflected-cross-site-scripting-via-status-parameter</loc>
<lastmod>2024-12-16T21:10:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-paytium_notice_dismiss</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-lightbox/wp-video-lightbox-196-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultra-simple-paypal-shopping-cart/wordpress-ultra-simple-paypal-shopping-cart-44-cross-site-request-forgery</loc>
<lastmod>2019-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-367-authenticated-doctor-sql-injection-via-u_id-parameter</loc>
<lastmod>2025-02-27T19:24:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-mobile-pack/wordpress-mobile-pack-mobile-plugin-for-progressive-web-apps-hybrid-mobile-apps-202-information-disclosure</loc>
<lastmod>2014-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixcodes/pixcodes-236-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-light/jobboard-job-listing-128-unauthenticated-information-exposure</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-1635-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wibstats-statistics-for-wordpress-mu/wibstats-055-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gioia/gioia-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conekta-payment-gateway/conekta-payment-gateway-600-unauthenticated-information-exposure</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-emberdder/document-embedder-embed-pdfs-word-excel-and-other-files-200-missing-authorization-to-unauthenticated-document-manipulation</loc>
<lastmod>2025-11-04T17:38:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-business-developer-and-agency-multiple-versions-unauthenticated-arbitrary-shortcode-execution-via-content</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-remove-tabs-and-fields/remove-tabs-and-fields-from-woocommerce-168-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-woocommerce-product-reviews-with-multi-criteria-reminder-emails-google-reviews-schema-more-2212-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-03-22T16:26:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-822-cross-site-request-forgery</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integracao-entre-eduzz-e-wc-powers/integrao-entre-eduzz-e-woocommerce-150-175-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-25T16:49:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qrmenu-lite/qrmenu-restaurant-qr-menu-lite-103-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/bp-better-messages-19937-cross-site-request-forgery</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3116-missing-authorization</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-types/custom-post-types-4012-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icdsoft-reseller-store/icdsoft-reseller-store-245-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-facebook-twitter-share-buttons/really-simple-facebook-twitter-share-buttons-2105-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-subscribe-button/podlove-subscribe-button-137-cross-site-request-forgery-via-save-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-my-business-auto-publish/wp-google-my-business-auto-publish-33-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-document-revisions/wp-document-revisions-381-missing-authorization</loc>
<lastmod>2026-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-ucss_connect</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-606-reflected-cross-site-scripting</loc>
<lastmod>2021-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-302-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-380-unauthenticated-sql-injection-via-s</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxgooglemap/cbx-map-for-google-map-openstreetmap-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T18:54:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenkit-blocks-addon/gutenkit-242-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emails-verification-for-woocommerce/customer-email-verification-for-woocommerce-274-email-verification-and-authentication-bypass-due-to-insufficient-randomness</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1371-unauthenticated-sql-injection-via-phrase-parameter</loc>
<lastmod>2025-10-27T16:26:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-filter-pro/search-filter-pro-2517-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jarvis/jarvis-night-club-concert-festival-wordpress-1811-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobcareer/jobcareer-job-board-responsive-wordpress-theme-251-stored-cross-site-scripting</loc>
<lastmod>2019-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-projects-portfolio/wp-projects-portfolio-with-client-testimonials-30-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-628-missing-authorization-to-unauthenticated-payment-integrity-bypass-via-paymentintent-reuse</loc>
<lastmod>2026-03-12T19:21:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trash-duplicate-and-301-redirect/trash-duplicate-and-301-redirect-19-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2025-02-18T19:29:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divebook/divebook-114-improper-access-control</loc>
<lastmod>2020-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-122-php-object-injection</loc>
<lastmod>2018-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgeos/badgeos-3716-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-post-deletion</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-sync/media-sync-149-authenticated-author-path-traversal-via-sub_dir-and-media_items-parameters</loc>
<lastmod>2026-05-13T18:15:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-0032-cross-site-scripting</loc>
<lastmod>2018-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15102-authenticated-contributor-sql-injection</loc>
<lastmod>2024-05-10T08:41:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-2910-missing-authorization</loc>
<lastmod>2025-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-651-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-sizes-on-demand/image-sizes-on-demand-13-reflected-cross-site-scripting-via-php_self-server-variable</loc>
<lastmod>2026-06-23T16:39:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-homepage-slideshow/homepage-slideshow-23-arbitrary-file-upload</loc>
<lastmod>2013-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-339-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/digital-newspaper/digital-newspaper-115-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-recipes/recipe-maker-for-your-food-blog-from-zip-recipes-807-cross-site-request-forgery</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dandyid-services/dandyid-services-159-cross-site-request-forgery</loc>
<lastmod>2014-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/easymeals/easymeals-151-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-core/salient-core-207-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player-with-playlist/html5-video-player-with-playlist-240-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spatialmatch-free-lifestyle-search/spatialmatch-idx-309-reflected-cross-site-scripting</loc>
<lastmod>2025-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cowidgets-elementor-addons/cowidgets-elementor-addons-112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-05T13:52:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-event-booking/awesome-event-booking-284-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-325-incorrect-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-email-marketing-lead-generation-optins-popups-785-missing-authorization-to-unpublished-form-exposure</loc>
<lastmod>2024-11-25T21:55:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-312-sql-injection</loc>
<lastmod>2019-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-calameo/wp-calameo-217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-157-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58001-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-01T13:11:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-1051-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superb-social-share-and-follow-buttons/superb-social-media-share-buttons-and-follow-buttons-113-cross-site-request-forgery-via-spbsmajax</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categories-images/categories-images-331-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-1290-cross-site-request-forgery-via-save</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-the-leading-edge-help-desk-customer-support-plugin-105-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-196-open-redirect</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3360-authenticated-contributor-stored-cross-site-scripting-via-no_data_msg-shortcode-attribute</loc>
<lastmod>2026-06-30T18:55:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brisk/brisk-unknown-versions-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-352-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-65-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardgate/cardgate-payments-for-woocommerce-321-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabbed/tab-accordion-faq-132-unauthenticated-arbitrary-tab-modification</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cowidgets-elementor-addons/cowidgets-elementor-addons-120-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-08T14:05:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-742-cross-site-scripting</loc>
<lastmod>2017-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suretriggers/suretriggers-1078-authorization-bypass-due-to-missing-empty-value-check-to-unauthenticated-administrative-user-creation</loc>
<lastmod>2025-04-09T16:19:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcargo/wpcargo-track-trace-802-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-wordpress-business-directory-plugin-with-classified-ads-listings-723-missing-authorization</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-332-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2024-12-20T21:27:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker-excel/rsvpmaker-excel-11-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-element/news-element-elementor-blog-magazine-105-unauthenticated-local-file-inlcusion</loc>
<lastmod>2024-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-372-missing-authorization-on-ajax-actions</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whydonate/whydonate-free-donate-button-31214-cross-site-request-forgery</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3228-authenticated-contributor-time-based-sql-injection</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/absolute-reviews/absolute-reviews-108-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-embed-addons-for-elementor/all-embed-elementor-addons-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-posts-ticker/simple-posts-ticker-115-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4265-authenticated-instructor-arbitrary-file-upload</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-abuse-of-functionality</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-cart-woocommerce/side-cart-woocommerce-ajax-20-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mediciti-lite/mediciti-lite-130-reflected-cross-site-scripting</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/option-tree/option-tree-260-php-object-injection</loc>
<lastmod>2019-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-ajax/login-with-ajax-41-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-2153-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate/qtranslate-2539-cross-site-scripting</loc>
<lastmod>2015-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-454-pro-227-free-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-1418-multiple-cross-site-scripting</loc>
<lastmod>2015-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-238-blind-sql-injection</loc>
<lastmod>2022-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiderpowa-embed-pdf/spiderpowa-embed-pdf-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-testimonials-and-reviews-widget/social-proof-testimonials-and-reviews-by-repuso-497-missing-authorization</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-lite/related-posts-lite-112-cross-site-request-forgery</loc>
<lastmod>2025-08-29T13:40:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-431-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-addon/astra-pro-addon-351-unauthenticated-sql-injection</loc>
<lastmod>2021-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-facebook-feed/smash-balloon-custom-facebook-feed-431-authenticated-contributor-stored-cross-site-scripting-via-data-color-attribute</loc>
<lastmod>2025-06-09T21:46:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-102521-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2791-authenticated-contributor-stored-cross-site-scripting-via-countdown-timer-widget</loc>
<lastmod>2025-05-26T10:52:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-exfood/woocommerce-food-restaurant-menu-food-ordering-332-unauthenticated-arbitrary-shortcode-execution-via-ids</loc>
<lastmod>2025-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3speedster-wp/w3speedster-733-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-26-authenticated-contributor-stored-cross-site-scripting-via-search_label</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clippy/wp-clippy-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-04T14:06:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-tracker/email-tracker-5315-authenticated-admin-sql-injection</loc>
<lastmod>2025-10-21T20:17:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moveto/moveto-62-unauthenticated-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-159211-authenticated-contributor-stored-cross-site-scripting-via-wpfts-live-search-widget</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0969-reflected-cross-site-scripting-via-sub_page-parameter</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-generator/shortcode-generator-11-reflected-cross-site-scripting</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spice-starter-sites/spice-starter-sites-125-missing-authorization-to-unauthenticated-demo-content-import</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsboard/newsboard-post-and-rss-scroller-1212-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flat-ui-button/flat-ui-button-10-authenticated-contributor-stored-cross-site-scripting-via-flatbtn-shortcode</loc>
<lastmod>2024-10-17T15:41:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3715-unauthenticated-sql-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartlink-dinamic-urls/smartlink-dynamic-urls-110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-321-cross-site-request-forgery</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/terawallet-for-woocommerce-143-insecure-direct-object-reference</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multiple-customer-addresses/woocommerce-multiple-customer-addresses-shipping-216-missing-authorization-leading-to-authenticated-subscriber-arbitrary-address-creationdeletionviewupdates</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-rest-api/json-rest-api-11-potential-cross-site-request-forgery-bypass</loc>
<lastmod>2014-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-bitcoin-faucets/bitcoin-satoshi-tools-170-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-d3/wp-d3-241-cross-site-request-forgery</loc>
<lastmod>2016-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-price-by-formula-for-woocommerce/product-price-by-formula-for-woocommerce-256-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WhatsCart-for-WooCommerce/whatscart-whatsapp-abandoned-cart-recovery-order-notifications-chat-box-otp-for-woocommerce-110-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-google-fonts/embed-google-fonts-310-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-global-variables/custom-global-variables-105-stored-cross-site-scripting-via-name</loc>
<lastmod>2021-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-716-authenticated-contributor-stored-cross-site-scripting-via-su_lightbox-shortcode</loc>
<lastmod>2024-06-04T20:15:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-blocks/custom-block-builder-lazy-blocks-382-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-unlocked-student-result/e-unlocked-student-result-104-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcom-member/wpcom-member-1521-unauthenticated-privilege-escalation-via-user-meta</loc>
<lastmod>2024-09-06T01:15:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/police-department/police-department-217-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-182-sql-injection-via-tutor_answering_quiz_questionget_answer_by_id</loc>
<lastmod>2021-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-content-importer/get-use-apis-json-content-importer-2010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-admin-custom-page/wp-admin-custom-page-150-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tell-a-friend-popup-form/wp-tell-a-friend-popup-form-71-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disqus-comment-system/disqus-comment-system-268-reflected-cross-site-scripting</loc>
<lastmod>2011-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-login/one-login-14-unauthenticated-privilege-esclation</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailto-links/wp-mailto-links-protect-email-addresses-313-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-language-translator/google-language-translator-6020-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notifications-center/notifications-center-152-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.2/wordpress-core-12-http-response-splitting</loc>
<lastmod>2004-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-326-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remote-content-shortcode/remote-content-shortcode-15-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-07-31T15:49:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-dynamics-crm/wp-dynamics-crm-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-116-reflected-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-144-unauthenticated-sql-injection</loc>
<lastmod>2020-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-json-ld-wpsc-164-authenticated-contributor-stored-cross-site-scripting-via-faq-block</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-420-incorrect-authorization-checks</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gixaw-chat/gixaw-chat-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-358-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-345-authenticated-author-stored-cross-site-scripting-via-ratings</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grider-elementor/grider-for-elementor-108-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-to-database-extension/contact-form-db-2826-authenticated-cross-site-scripting</loc>
<lastmod>2015-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-826-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2913-reflected-cross-site-scripting</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-3115-cross-site-request-forgery-to-arbitrary-post-deletion-and-modification</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wp-454-unauthenticated-sql-injection-via-distance-lat-lng-parameters</loc>
<lastmod>2026-05-27T18:46:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-generator-powered-by-jotform/form-generator-for-wordpress-152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-31810-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mixtape/mixtape-21-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-248-unauthenticated-sql-injection-via-radius-parameter</loc>
<lastmod>2026-03-23T10:12:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-fancybox/firelight-lightbox-2314-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-305-authenticated-administrator-sql-injection</loc>
<lastmod>2023-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21027-authenticatedcontributor-stored-cross-site-scripting-via-pricing-table-elementor-widget</loc>
<lastmod>2024-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-222-missing-authorization-to-unauthenticated-arbitrary-resume-download</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-3192-authenticated-contributor-information-exposure</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-conctact-form-7-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-popup/jetpopup-2015-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-xml-feed/import-xml-and-rss-feeds-202-server-side-request-forgery</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-contact-form-integration-for-elementor/eleforms-all-in-one-form-integration-including-db-for-elementor-2999-missing-authorization</loc>
<lastmod>2024-11-05T18:16:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-website-builder-pro-3201-authenticated-contributor-stored-cross-site-scripting-via-form-widget-svgz-file-upload</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticketbai/ticketbai-facturas-para-woocommerce-319-unauthenticated-sql-injection</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-media-links/floating-social-media-links-143-remote-file-inclusion-via-fsml-adminjsphp-wpp-parameter</loc>
<lastmod>2012-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robcore-netatmo/robcore-netatmo-17-authenticated-contributor-sql-injection-via-robcore-netatmo-shortcode</loc>
<lastmod>2025-09-19T13:25:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-amazon-affiliate/simple-amazon-affiliate-109-reflected-cross-site-scripting</loc>
<lastmod>2025-03-11T14:22:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-1802-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-customizer/thank-you-page-customizer-for-woocommerce-increase-your-sales-1013-cross-site-request-forgery-via-send_email</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream/stream-305-sensitive-data-exposure</loc>
<lastmod>2016-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-shop/wp-quick-shop-131-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-api/newsletter-api-v1-and-v2-addon-for-newsletter-245-missing-authorization-to-email-subscribers-management</loc>
<lastmod>2024-06-11T22:11:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-reflected-cross-site-scripting</loc>
<lastmod>2018-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flying-twitter-birds/flying-twitter-birds-18-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimal-coming-soon-maintenance-mode/minimal-coming-soon-coming-soon-page-233-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycss/mycss-11-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiderdisplay/spiderdisplay-191-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fixteam/fixteam-electronics-mobile-devices-repair-wordpress-theme-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-31917-cross-site-request-forgery</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bannerize-pro/bannerize-pro-1110-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-245-unauthenticated-sql-injection</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-toolkit-pro/uncanny-toolkit-pro-for-learndash-414-reflected-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/point/point-11-cross-site-request-forgery</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/footnotes-for-wordpress/footnotes-for-wordpress-20161230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-drop-down-roles-in-registration/adding-drop-down-roles-in-registration-11-unauthenticated-privilege-escalation</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-478-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2016-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-feed-for-eventbrite/event-feed-for-eventbrite-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pagebuilder/wp-page-builder-128-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/arforms-form-builder-167-reflected-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auth0/login-by-auth0-3113-cross-site-request-forgery</loc>
<lastmod>2020-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-922-missing-authorization-to-unauthenticated-sensitive-information-disclosure-via-csvexport-class</loc>
<lastmod>2026-06-26T17:24:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockdio-historical-chart/stockdio-historical-chart-2818-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:41:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-511-server-side-request-forgery</loc>
<lastmod>2014-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-1065-unauthenticated-arbitrary-shortcode-execution-via-woot_get_smth</loc>
<lastmod>2024-12-09T21:35:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colorway/colorway-423-cross-site-request-forgery</loc>
<lastmod>2023-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1135-authenticated-contributor-stored-cross-site-scripting-via-id-and-eae_slider_animation-parameters</loc>
<lastmod>2024-08-29T14:38:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peoplepond/peoplepond-119-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-site-verification-using-meta-tag/google-site-verification-plugin-using-meta-tag-12-cross-site-request-forgery</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-136-unauthenticated-time-based-sql-injection</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digipass/digipass-030-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-footnotes/modern-footnotes-1419-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-643-authenticated-author-csv-injection</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exam-matrix/exam-matrix-15-unauthenticated-privilege-escalation</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fermentio/fermentio-brewery-and-winemaking-restaurant-wordpress-theme-150-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-579-authenticated-administrator-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pago-redsys-tpv-grafreak/pago-por-redsys-1012-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T15:49:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lingvico/lingvico-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-392-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verification-sms-targetsms/verification-sms-with-targetsms-15-unauthenticated-limited-remote-code-execution</loc>
<lastmod>2025-04-23T19:47:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-page-shipping-calculator-for-woocommerce/product-page-shipping-calculator-for-woocommerce-1320-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/droit-elementor-addons/droit-elementor-addons-widgets-blocks-templates-library-for-elementor-builder-315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-bmi-calculator/cc-bmi-calculator-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-561-cross-site-request-forgery-to-malware-scan-termination</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-google-reviews/plugin-for-google-reviews-222-missing-authorization</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-front-end-editor/wp-quick-frontend-editor-55-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spendeonline/spendeonlineorg-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anti-spam/titan-anti-spam-security-737-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-bootstrap-elements-for-elementor/ultimate-bootstrap-elements-for-elementor-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-wc-affiliate-program/wordpress-woocommerce-affiliate-program-841-authentication-bypass-to-account-takeover-and-privilege-escalation</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hk-shortcode/hk_shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-title-shortcode-attribute</loc>
<lastmod>2026-05-26T17:26:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/contact-form-builder-with-drag-drop-for-wordpress-kali-forms-2341-missing-authorization</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-cart/fluentcart-130-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29965-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/polls-cp-101-authenticated-sql-injection</loc>
<lastmod>2014-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/firebox/firebox-310-free-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-display-edit-wpforms-entries-on-your-site-frontend-346-authenticated-contributor-sql-injection</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-774-missing-authorization-via-rest-api</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codestyling-localization/codestyling-localization-19930-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2015-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-user-registration-login-membership-plugin-250-authenticated-admin-remote-code-execution-via-multi-select</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zorka/zorka-157-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-membership/opal-membership-124-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-4110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegant-visitor-counter/elegant-visitor-counter-31-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laiser-tag/laiser-tag-125-cross-site-request-forgery-to-plugin-settings-update-via-settings-form</loc>
<lastmod>2026-06-01T19:43:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-widget-184-reflected-cross-site-scripting</loc>
<lastmod>2021-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3119-arbitrary-file-upload</loc>
<lastmod>2021-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-advanced-contact-us-form-builder-for-wordpress-401-cross-site-scripting</loc>
<lastmod>2019-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wanderland/wanderland-171-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-validation-for-contact-form-7/jquery-validation-for-contact-form-7-52-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmi-adultkid-calculator/bmi-adult-kid-calculator-121-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-me-now/bulk-me-now-20-reflected-cross-site-scripting-via-status</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seamless-donations/seamless-donations-a-platform-for-global-fundraising-and-rebuilding-using-stripe-and-paypal-517-cross-site-request-forgery-to-settings-chage</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-creator-lite/pdf-creator-lite-12-cross-site-request-forgery</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yumpu-epaper-publishing/yumpu-epaper-publishing-2024-missing-authorization-to-pdf-upload-publishing-and-api-key-modification</loc>
<lastmod>2024-05-29T15:50:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/themify-ultra/themify-ultra-735-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twb-woocommerce-reviews/twb-woocommerce-reviews-177-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ukrainian-currency/-uah-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-209-reflected-cross-site-scripting</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/green-money-payment-gateway/greenpaytm-by-greenmoney-300-309-unauthenticated-information-exposure</loc>
<lastmod>2025-04-07T19:16:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yokoo/yokoo-1111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-extra/wp-extra-62-missing-authorization-to-export-settings</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-my-login/theme-my-login-7112-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-510-denial-of-service</loc>
<lastmod>2019-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/trending/trending-02-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/privacy-policy-generator-terms-conditions-generator-wordpress-plugin-wp-legal-pages-343-missing-authorization-to-authenticated-contributor-arbitrary-plugin-installation</loc>
<lastmod>2025-09-17T20:43:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwolle-gb/gwolle-guestbook-210-cross-site-request-forgery</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-customers-data/export-customers-data-123-reflected-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-tracking/order-tracking-pro-336-reflected-cross-site-scripting</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-ads-rotator/kento-ads-rotator-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/makestories-helper/makestories-for-google-web-stories-304-authenticated-author-server-side-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accept-sagepay-payments-using-contact-form-7/accept-sagepay-payments-using-contact-form-7-20-unauthenticated-information-exposure</loc>
<lastmod>2025-04-07T21:19:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-manager-for-enamad/logo-manager-for-enamad-074-authenticated-contributor-stored-cross-site-scripting-via-title-shortcode-attribute</loc>
<lastmod>2026-05-19T12:11:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3233-authenticated-sql-injection</loc>
<lastmod>2022-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-511-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking-pro/bookingpress-pro-56-unauthenticated-arbitrary-file-upload-via-signature-custom-field</loc>
<lastmod>2026-05-21T06:20:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formbuilder/formbuilder-090-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2012-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-central/plugin-central-251-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link-lite/pretty-link-lite-156-cross-site-scripting</loc>
<lastmod>2012-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandspa/grand-spa-355-reflected-cross-site-scripting</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-slider-190-missing-authorization-on-make-function</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moowoodle/moowoodle-wordpress-moodle-lms-integration-bridge-324-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaky-paywall/leaky-paywall-4226-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qqworld-auto-save-images/qqworld-auto-save-images-198-missing-authorization-to-arbitrary-post-content-retrieval</loc>
<lastmod>2024-05-31T18:47:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4294-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-carousel-slider-and-grid-ultimate/product-carousel-slider-grid-ultimate-for-woocommerce-197-authenticatedcontributor-php-object-injection</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-gallery/feed-them-gallery-118-cross-site-scripting</loc>
<lastmod>2019-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171058-authenticated-contributor-stored-cross-site-scripting-via-title_tag-parameter</loc>
<lastmod>2026-05-13T19:53:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-plugins/hide-plugins-104-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-320-reflected-html-content-injection</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-pagelike-widget/widget-for-social-page-feeds-641-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hijri/wp-hijri-153-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-header/visual-header-13-missing-authorization</loc>
<lastmod>2025-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/back-to-the-top-button/back-to-the-top-button-216-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/woocommerce-product-vendors-2176-authenticated-vendor-admin-sql-injection</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/astra/astra-468-authenticated-contributor-stored-cross-site-scripting-via-display-name</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-extension-gallery/fusion-page-builder-extension-gallery-176-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-access-restriction/simple-page-access-restriction-1029-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-share-follow-button/simple-share-follow-button-103-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doneren-met-mollie/doneren-met-mollie-284-information-disclosure</loc>
<lastmod>2021-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-410-javascript-code-injection</loc>
<lastmod>2014-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-584-authenticated-sql-injection</loc>
<lastmod>2020-06-03T01:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buymeacoffee/buy-me-a-coffee-button-and-widget-plugin-36-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpupper-share-buttons/wpupper-share-buttons-342-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-a-restaurant-plugin-3199-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadcapture/wp-lead-capturing-pages-26-missing-authorization-to-arbitrary-content-deletion</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-6181-authenticated-admin-stored-cross-site-scripting-via-license-field</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liaison-site-prober/liaison-site-prober-121-missing-authorization-to-unauthenticated-information-exposure-in-logs-rest-api-endpoint</loc>
<lastmod>2026-04-23T19:17:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversiosio-723-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-234-authenticated-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amp-img-shortcode/amp-img-shortcode-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-338-authenticated-admin-phar-deserialization</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-271110-authenticated-administrator-stored-cross-site-scripting-via-task-data</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-282-unauthenticated-stored-cross-site-scripting-via-file-upload-field</loc>
<lastmod>2026-05-27T18:06:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/intrace/multiple-themes-by-jegstudio-various-versions-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ut-elementor-addons-lite/ultra-addons-lite-for-elementor-118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-stream-quiz/ari-stream-quiz-1232-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-blocks-for-woocommerce/product-blocks-for-woocommerce-191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/packlink-pro-shipping/packlink-pro-shipping-module-346-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-with-typesense/search-with-typesense-2010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nopeamedia/print-pdf-generator-and-publisher-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialdriver-framework/swift-framework-20240430-reflected-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-google-photos-grid/simple-google-photos-grid-15-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-262-cryptographic-weakness</loc>
<lastmod>2008-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keep-backup-daily/keep-backup-daily-210-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bannerize-pro/wp-bannerize-pro-169-reflected-cross-site-scripting</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webcam-widget-shortcode/wordpress-live-webcam-widget-shortcode-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T20:38:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/black-widgets/black-widgets-for-elementor-139-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revision-diet/revision-diet-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-4221-authorization-bypass-and-cross-site-request-forgery</loc>
<lastmod>2017-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-statcounter-plugin-for-wordpress/statcounter-206-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.1/wordpress-core-621-directory-traversal</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-messenger-customer-chat/facebook-chat-plugin-12-cross-site-request-forgery-to-site-settings-changes</loc>
<lastmod>2019-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-block/float-block-17-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-pro-506-sql-injection</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colorway/colorway-341-cross-site-scripting</loc>
<lastmod>2016-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusedesk/fusedesk-68-authenticated-contributor-stored-cross-site-scripting-via-emailtext-shortcode-attribute</loc>
<lastmod>2026-03-20T15:13:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-gallery/global-gallery-923-missing-authorization</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopready-elementor-addon/shopready-35-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-2189-subscriber-sql-injection</loc>
<lastmod>2021-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vizeon/vizeon-business-consulting-121-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authldap/authldap-258-cross-site-request-forgery</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/byconsole-woo-order-delivery-time/wooodt-lite-246-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-1140-reflected-cross-site-scripting</loc>
<lastmod>2019-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-payments/accept-stripe-payments-2040-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/automation-by-autonami-351-open-redirect</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/casso-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/casso-t-ng-xc-nhn-thanh-ton-chuyn-khon-ngn-hng-286-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-social-network-membership-registration-user-profiles-6450-authenticated-administrator-stored-cross-site-scripting-via-content-parameter</loc>
<lastmod>2024-09-09T19:11:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cardealer/car-dealer-automotive-wordpress-theme-responsive-163-authenticated-subscriber-arbitrary-file-deletion-and-read</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attendance-manager/attendance-manager-062-authenticated-subscriber-sql-injection-via-attmgr_off-parameter</loc>
<lastmod>2026-04-07T17:38:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-618-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pafacile/pafacile-261-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onclick-show-popup/onclick-show-popup-81-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-313-sensitive-information-disclosure</loc>
<lastmod>2011-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-classifieds-and-directory-pro/advanced-classifieds-directory-pro-329-cross-site-request-forgery</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campus-directory/campus-directory-191-authenticated-contributor-stored-cross-site-scripting-via-noaccess_msg-parameter</loc>
<lastmod>2025-08-04T17:57:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limit-posts-automatically/wp-limit-posts-automatically-07-cross-site-request-forgery-leading-to-cross-site-scripting</loc>
<lastmod>2014-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-702-authenticated-contributor-stored-cross-site-scripting-via-su_tooltip-shortcode</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invoice-creator/invoice-generator-100-unauthenticated-privilege-escalation-via-account-takeover-via-user_id-parameter</loc>
<lastmod>2026-06-26T16:05:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oxygenbuilder/oxygen-builder-48-authenticated-contributor-stored-cross-site-scripting-via-custom-field</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booked/booked-300-authentication-bypass</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-ajax-product-filter/wcapf-woocommerce-ajax-product-filter-423-unauthenticated-time-based-sql-injection</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-call-back/request-call-back-141-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speakout/speakout-email-petitions-442-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optin/wowoptin-next-gen-popup-maker-create-stunning-popups-and-optins-for-lead-generation-1424-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-membership-plugin-content-restriction-member-levels-user-profile-user-signup-4051-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amount-left-free-shipping-woocommerce/free-shipping-bar-amount-left-for-free-shipping-for-woocommerce-249-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2219-csv-injection</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getastra/astra-security-suite-02-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3224-cross-site-request-forgery</loc>
<lastmod>2023-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instalinker/elfsight-instagram-widget-instagram-gallery-112-reflected-cross-site-scripting</loc>
<lastmod>2016-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-image-replace/external-image-replace-108-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watcheezy/watcheezy-live-chat-plugin-for-wordpress-20-stored-cross-site-scripting</loc>
<lastmod>2021-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-zoooom/wp-image-zoom-146-local-file-inclusion</loc>
<lastmod>2021-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zopim-live-chat/zendesk-chat-126-cross-site-scripting</loc>
<lastmod>2013-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dvieweronline-wp/3dvieweronline-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:01:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-825-missing-authorization</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-156-authenticated-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-arbitrary-options-update</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filr-protection/filr-secure-document-library-1235-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-1227-authenticated-contributor-stored-cross-site-scripting-via-chart-data-attributes</loc>
<lastmod>2025-11-03T13:41:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smtp/wp-smtp-12-126-authenticated-admin-sql-injection</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-283-cross-site-scripting</loc>
<lastmod>2020-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/humanum/humanum-114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-2437-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-basic-ordernumbers/woocommerce-basic-ordernumbers-144-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hk-filter-and-search/html-filter-and-csv-file-search-27-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arabic-font/arabic-font-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2017-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-313-clickjacking</loc>
<lastmod>2011-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/current-template-name/temptool-show-current-template-info-131-authenticated-contributor-information-exposure</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51162-missing-authorization</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-276-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indianic-testimonial/testimonial-23-multiple-vulnerabilities</loc>
<lastmod>2013-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/digitally/digitally-108-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breadcrumb/breadcrumb-1532-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-file-upload-for-elementor-forms/drag-and-drop-file-upload-for-elementor-forms-143-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azurecurve-floating-featured-image/azurecurve-floating-featured-220-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-core/wp-gdpr-211-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limits/wp-limits-10-cross-site-request-forgery</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gracioza/gracioza-1015-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-downloads/z-downloads-1116-authenticated-admin-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/webba-booking-5120-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hpbtool/hpb-dashboard-131-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-wordpress-help-desk-111-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-13226-missing-authorization-to-authenticated-custom-arbitrary-option-update-privilege-escalation-via-screen_action-parameter</loc>
<lastmod>2026-06-17T14:55:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-template-name/display-template-name-171-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-of-goods-for-woocommerce/cost-of-goods-for-woocommerce-286-cross-site-request-forgery-in-save_costs</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rife-elementor-extensions/rife-elementor-extensions-templates-1110-missing-authorization-via-import_templates</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-easy/easy-google-maps-1117-cross-site-request-forgery</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form/easy-form-by-ays-138-cross-site-request-forgery</loc>
<lastmod>2023-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-342-arbitrary-file-upload</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-resizer/wp-image-resizer-unspecified-version-cross-site-scripting</loc>
<lastmod>2013-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zhina-twitter-widget/zhinatwitterwidget-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/click-mag/click-mag-viral-wordpress-news-magazineblog-theme-360-missing-authorization-to-authenticated-subscriber-arbitrary-options-deletion</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-adsense/quick-adsense-282-missing-authorization</loc>
<lastmod>2022-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listly/listly-listicles-for-wordpress-27-unauthenticated-arbitrary-transient-deletion</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-elementor/ultimate-addons-for-elementor-1201-authentication-bypass</loc>
<lastmod>2019-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-addons-for-elementor-800-authenticated-contributor-dom-based-stored-cross-site-scripting-via-data-caption-attribute</loc>
<lastmod>2025-07-02T16:23:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshiftwoo/woocommerce-addon-by-greenshift-198-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-upsell-and-order-bumps/upsellwp-225-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts/limit-login-attempts-170-brute-force-bypass</loc>
<lastmod>2012-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allow-svg/allow-svg-11-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-latex/enable-latex-1216-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tumult-hype-animations/tumult-hype-animations-1911-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-2921-reflected-cross-site-scripting</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bizlibrary/bizlibrary-11-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-205-insecure-direct-object-reference-to-forum-status-change</loc>
<lastmod>2022-09-26T09:03:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-management-system/library-management-system-31-authenticated-admin-sql-injection</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sliding-logindashboard-panel/wp-sliding-logindashboard-panel-211-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-12T13:07:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-builder-for-wpbakery-page-builder/team-builder-for-wpbakery-page-builderformerly-visual-composer-10-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-18T19:31:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neshan-maps/neshan-maps-114-authenticated-administrator-sql-injection</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campus-explorer-widget/campus-explorer-widget-14-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-892-authenticated-shop-manager-content-injection</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-countdown/countdown-timer-widget-countdown-277-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-menu-cart/wp-menu-cart-2110-reflected-cross-site-scripting</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-by-lord-linus/contact-us-by-lord-linus-26-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookie-consent/wp-cookie-consent-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-business-intelligence-lite/wp-business-intelligence-lite-13-arbitrary-file-upload</loc>
<lastmod>2014-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moka-get-posts/moka-get-posts-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ban/wp-ban-164-improper-input-validation</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-215-unauthenticated-information-exposure</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-real-estate-pack-4/simple-real-estate-pack-148-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171056-authenticated-contributor-stored-cross-site-scripting-via-follow-button-text-parameter</loc>
<lastmod>2026-05-04T14:53:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-player-for-wpbakery/video-player-for-wpbakery-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-unishippers-edition/small-package-quotes-unishippers-edition-249-missing-authorization</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jh-404-logger/jh-404-logger-11-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesearch/buddyholis-tablesearch-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T20:10:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-imagezoom/wp-imagezoom-105-directory-traversal</loc>
<lastmod>2012-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery-premium/foogallery-free-and-premium-2415-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fence-url/fence-url-200-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tails/tails-1412-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/playful/playful-1190-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-175-stored-cross-site-scripting</loc>
<lastmod>2014-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice/cookie-notice-compliance-for-gdpr-ccpa-211-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/einvoiceapp-malaysia/e-invoice-app-malaysia-130-unauthenticated-information-exposure</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payerurl-crypto-currency-payment-gateway-for-woocommerce/abc-crypto-checkout-182-unauthenticated-information-exposure</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-support-ticket-system/woocommerce-support-ticket-system-177-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moosend-landing-pages/moosend-landing-pages-116-missing-authorization-to-authenticated-subscriber-option-deletion</loc>
<lastmod>2026-01-06T19:38:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend-pro/wp-user-frontend-pro-413-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-06-04T16:33:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-management-system-for-gamification-ranks-badges-and-loyalty-rewards-program-2976-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-booking/hotel-booking-33-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-05-26T12:29:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart-lift/cart-lift-abandoned-cart-recovery-for-woocommerce-and-edd-315-reflected-cross-site-scripting-via-cart_search</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-any-document/embed-any-document-embed-pdf-word-powerpoint-and-excel-files-271-authenticated-author-stored-cross-site-scripting-via-svg-files</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-filebase/wp-filebase-02924-missing-authorization-checks</loc>
<lastmod>2012-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-wizard/seo-402-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-watcher/seo-watcher-133-remote-code-execution</loc>
<lastmod>2013-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/classter/classter-25-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-malware-removal/malcure-malware-scanner-168-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nc-wishlist-for-woocommerce/nc-wishlist-for-woocommerce-101-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phastpress/phastpress-37-unauthenticated-arbitrary-file-read-via-null-byte-injection</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blaze-online-eparcel-for-woocommerce/blaze-online-eparcel-for-woocommerce-133-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/be-popia-compliant/be-popia-compliant-120-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-twitch-integration/streamweasels-twitch-integration-193-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conference-scheduler/conference-scheduler-243-reflected-cross-site-scripting</loc>
<lastmod>2022-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-488-authenticated-contributor-stored-cross-site-scripting-via-bt_bb_price_list-shortcode</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerfy/careerfy-job-board-wordpress-theme-390-reflected-cross-site-scripting</loc>
<lastmod>2020-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/luxedrive/luxedrive-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress-button/gamipress-button-104-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-slider-gallery-form-modal-data-table-tab-particle-free-elementor-widgets-elementor-templates-353-authenticated-contributor-stored-cross-site-scriping-via-sina-particle-layer</loc>
<lastmod>2024-05-14T13:32:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-614-reflected-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-captcha/recaptcha-by-bestwebsoft-178-captcha-bypass</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-2912-authenticated-contributor-stored-cross-site-scripting-via-multi-scroll-widget</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-170-authenticated-sql-injection</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-memory-limit/change-memory-limit-10-missing-authorization-via-admin_logic</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-5926-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sided/sided-145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-sidebars/custom-sidebars-309-cross-site-request-forgery</loc>
<lastmod>2017-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixabay-images/pixabay-images-23-cross-site-scripting</loc>
<lastmod>2015-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/clockstone/clockstone-12-arbitrary-file-upload</loc>
<lastmod>2012-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exportfeed-for-woocommerce-google-product-feed/sync-woocommerce-product-feed-to-google-shopping-124-authenticated-admin-sql-injection</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-smart-coupons/woocommerce-smart-coupons-460-unauthenticated-coupon-creation</loc>
<lastmod>2020-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commentluv/commentluv-304-server-side-request-forgery-via-do_click</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jnews-pay-writer/jnews-pay-writer-1100-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-344-unauthenticated-sensitive-information-exposure-via-logs</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-links/internal-link-juicer-seo-auto-linker-for-wordpress-2243-cross-site-request-forgery</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-form/hash-form-drag-drop-form-builder-110-unauthenticated-arbitrary-file-upload-to-remote-code-execution</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-product-addons-custom-fields-for-woocommerce-33015-unauthenticated-sql-injection</loc>
<lastmod>2025-10-17T18:11:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-content-creator/bulk-content-creator-121-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwl-advanced-faq-manager-lite/bwl-advanced-faq-manager-lite-111-authenticated-contributor-stored-cross-site-scripting-via-sbox_id-shortcode-attribute</loc>
<lastmod>2026-03-25T14:13:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avaibook/avaibook-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delele-all/delete-all-posts-111-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablemaster-for-elementor/tablemaster-for-elementor-136-authenticated-author-server-side-request-forgery-via-csv_url-parameter</loc>
<lastmod>2026-01-27T17:21:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tiki-time/tiki-time-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-qr-codes/easy-digital-downloads-qr-codes-110-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logs-de-connexion/connexion-logs-302-cross-site-request-forgery-to-log-deletion</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brutebank/brutebank-wp-security-firewall-18-cross-site-request-forgery</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16118-missing-authorization-to-unauthenticated-arbitrary-modification-via-bulk-appointments-rest-api-endpoint</loc>
<lastmod>2026-05-27T19:43:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat-ex/slimstat-ex-212-arbitrary-code-execution</loc>
<lastmod>2013-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-card-by-esterox-100/business-card-100-cross-site-request-forgery-to-category-deletion</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftcentral/updraftcentral-dashboard-0823-server-side-request-forgery</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/molie-instructure-canvas-linking-tool/molie-instructure-canvas-linking-tool-05-reflected-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-seo-image/bulk-seo-image-11-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-23T16:41:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadsquared-suite/leadsquared-suite-074-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsite-follow-us-badges/follow-us-badges-3110-authenticated-contributor-stored-cross-site-scripting-via-wpsite_follow_us_badges-shortcode</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integracao-rd-station/rd-station-560-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-logging/wp-mail-logging-1111-unauthenticated-stored-cross-site-scripting-via-email</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/songkick-concerts-and-festivals/songkick-concerts-and-festivals-097-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-blocks/genesis-blocks-313-authenticated-contributor-stored-cross-site-scripting-via-sharing-block-attributes</loc>
<lastmod>2024-07-08T19:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/williamson/mwilliamson-1211-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-your-smart-pixel-tag-api-manager-10111-unauthenticated-php-object-injection</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2111-unauthenticated-privilege-escalation-via-user-meta</loc>
<lastmod>2020-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-showcase/logo-showcase-402-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16112-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/am-lottieplayer/am-lottieplayer-360-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2026-04-07T17:38:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-fields-search/wp-custom-fields-search-1235-authenticated-contributor-stored-cross-site-scripting-via-wpcfs-preset-shortcode</loc>
<lastmod>2024-09-18T15:37:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2112-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-8017-cross-site-scripting</loc>
<lastmod>2019-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/solaris/solaris-25-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-1558-arbitrary-file-upload</loc>
<lastmod>2015-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-781-cross-site-request-forgery</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-widget/testimonials-widget-404-authenticated-author-stored-cross-site-scripting-via-testimonials-shortcode</loc>
<lastmod>2024-06-05T13:10:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1275-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-translate/my-wp-translate-11-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-09-10T19:03:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attire-blocks/gutenberg-blocks-and-page-layouts-attire-blocks-192-missing-authorization</loc>
<lastmod>2024-06-04T18:36:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-box/popup-box-new-wordpress-popup-plugin-226-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eshop/eshop-6314-multiple-cross-site-scripting</loc>
<lastmod>2016-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-theme-color/browser-theme-color-13-cross-site-request-forgery-via-btc_settings_page</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videojs-html5-player/videojs-html5-player-118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-40904-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bee-quick-gallery/image-gallery-100-reflected-cross-site-scripting</loc>
<lastmod>2025-08-01T19:37:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mihanpanel-lite/mihanpanel-124-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-stripe-and-woocommerce-integration/stripe-payment-plugin-for-woocommerce-379-missing-authorization-to-arbitrary-order-status-modification</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coblocks/page-builder-gutenberg-blocks-coblocks-3112-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-woocommerce-builder-edd-builder-elementor-store-builder-product-grid-product-table-woocommerce-slider-203-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2413-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-11T13:37:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/atomlab/atomlab-245-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-statusbulkedit-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limit-login-attempts/wp-limit-login-attempts-264-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/outdoor/outdoor-396-reflected-cross-site-scripting</loc>
<lastmod>2023-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenly-addons/greenly-theme-addons-82-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0885-cross-site-scripting-via-the-rules0content-parameter-in-a-wpfc_save_exclude_pages-action</loc>
<lastmod>2018-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-353-cross-site-request-forgery</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-columns-advanced/genesis-columns-advanced-203-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-charts/ninja-charts-335-unauthenticated-information-exposure</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-shortcode/faq-shortocde-10-authenticated-contributor-stored-cross-site-scripting-via-color-shortcode-attribute</loc>
<lastmod>2026-05-26T17:20:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listinghub/listinghub-127-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/construction-landing-page/construction-landing-page-141-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-code-highlightjs/wp-code-highlightjs-062-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2019-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-solution/affiliate-solution-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-9036-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-23T16:04:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woodmart-core/woodmart-core-1036-php-object-injection</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6091-cross-site-request-forgery-to-privilege-escalation-via-rmc_assign_user_role_action-parameter</loc>
<lastmod>2026-06-30T19:50:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-e-mail/send-e-mail-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minify-html-markup/minify-html-217-cross-site-request-forgery-in-minify_html_menu_options</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-contact-form/vs-contact-form-115-reflected-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/league-table-lite/league-table-113-cross-site-request-forgery</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-and-tickets-selling-plugin-for-woocommerce-353-missing-authorization</loc>
<lastmod>2021-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-options-editor/wp-options-editor-11-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-country-selector/wordpress-country-selector-165-reflected-cross-site-scripting-via-ajax-call-of-check_country_selector</loc>
<lastmod>2022-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-551-authenticated-contributor-privilege-escalation</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abundatrade-plugin/abundatrade-plugin-1802-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T11:36:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-copilot/ai-copilot-147-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3032-authenticated-contributor-stored-cross-scripting-via-shortcode</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-21110-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-01-07T20:18:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-recommend-this/i-recommend-this-382-cross-site-scripting</loc>
<lastmod>2018-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-users/wordpress-users-13-sql-injection</loc>
<lastmod>2011-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progressive-license/progressive-license-110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-backup-and-migration-0968-unauthenticated-sql-injection</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-automator-plugin-for-no-code-automations-webhooks-custom-integrations-in-wordpress-567-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-search/advanced-woo-search-328-authenticated-contributor-stored-cross-site-scripting-via-aws_search_terms-shortcode</loc>
<lastmod>2025-03-25T10:58:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zombify/zombify-175-authenticated-subscriber-path-traversal-to-arbitrary-file-read</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baidushare-wp/-106-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-209-incorrect-authorization-to-authenticated-contributor-mail-relay-configuration-via-contacts</loc>
<lastmod>2026-06-12T19:20:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recras/recras-wordpress-plugin-641-authenticated-contributor-stored-cross-site-scripting-via-recrasname-shortcode-attribute</loc>
<lastmod>2026-01-06T19:39:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-453-cross-site-scripting</loc>
<lastmod>2015-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-options/widget-options-410-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-277-race-condition-leading-to-remote-code-execution</loc>
<lastmod>2020-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coschool/coschool-lms-143-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5-stars-rating-funnel/5-stars-rating-funnel-1401-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/serverbuddy-by-pluginbuddy/serverbuddy-by-pluginbuddycom-105-cross-site-request-forgery-to-php-object-injection</loc>
<lastmod>2025-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hm-portfolio/hm-portfolio-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-62-authenticated-editor-sql-injection</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-sync/database-sync-051-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-urls/export-all-urls-51-unauthenticated-information-exposure</loc>
<lastmod>2026-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/maxbuttons-618-cross-site-scripting</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-icons/themify-icons-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chankhe/chankhe-105-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-activation</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-retail-menus/simple-retail-menus-421-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitformpro/bit-form-pro-264-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dixon/dixon-1421-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery-voting/nextgen-gallery-voting-276-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-theme-changer/simple-theme-changer-10-cross-site-request-forgery-to-arbitrary-theme-switcher-configuration-update</loc>
<lastmod>2025-12-11T15:06:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-support-system/woocommerce-support-system-121-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divi-builder/elegant-themes-divi-theme-extra-theme-divi-page-builder-4250-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-544-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-cursors/wp-custom-cursors-32-cross-site-request-forgery</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tiles/wp-tiles-112-authenticatedsubscriber-sensitive-information-exposure</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-background-tile/wp-background-tile-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fullscreen-galleria/fullscreen-galleria-1611-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-articles/news-articles-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sagepay-server-gateway-for-woocommerce/sagepay-server-gateway-for-woocommerce-109-cross-site-scripting</loc>
<lastmod>2017-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-what-should-we-write-about-next/advanced-what-should-we-write-next-about-103-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-flipbook-dflip-lite/pdf-flipbook-3d-flipbook-wordpress-dearflip-lite-1712-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-gdpr-cookie-compliance/simple-gdpr-cookie-compliance-200-missing-authorization</loc>
<lastmod>2026-01-14T08:16:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerkit/powerkit-supercharge-your-wordpress-site-291-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-language-switch/user-language-switch-1610-reflected-cross-site-scripting</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rightmessage/rightmessage-wp-097-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:20:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-captcha/flexible-captcha-41-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-any-document/embed-any-document-2710-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-17T13:41:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/appius/appius-theme-10-arbitrary-file-upload</loc>
<lastmod>2014-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress/loginpress-custom-login-page-customizer-1113-unauthorized-settings-update</loc>
<lastmod>2019-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nafeza-prayer-time/nafeza-prayer-time-129-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T17:14:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-splashing-images/splashing-images-21-php-object-injection</loc>
<lastmod>2018-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-1126-authenticated-contributor-stored-cross-site-scripting-via-cubewp_shortcode_taxonomy-shortcode</loc>
<lastmod>2026-01-16T19:29:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/whitish-lite/whitish-lite-2113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-mail/smtp-mail-121-sql-injection</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-captcha-recaptcha-for-woocommerce/no-captcha-recaptcha-for-woocommerce-126-missing-authorization-to-notification-dismissal</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-user-role-editor/wpfront-user-role-editor-421-cross-site-request-forgery-to-privilege-escalation-via-whitelist_options-function</loc>
<lastmod>2025-04-07T19:49:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-affiliate/wc-affiliate-a-complete-woocommerce-affiliate-plugin-24-reflected-cross-site-scripting</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/serial-codes-generator-and-validator/serial-codes-generator-and-validator-with-woocommerce-support-282-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mylinksdump/mylinksdump-16-authenticated-administrator-stored-cross-site-scripting-via-link_title-parameter</loc>
<lastmod>2026-05-26T20:46:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-server-log-viewer/server-log-viewer-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-536-multiple-cross-site-scripting</loc>
<lastmod>2013-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-273-cross-site-request-forgery-to-arbitrary-account-deletion</loc>
<lastmod>2025-02-11T21:25:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-475-limited-unauthenticated-authentication-bypass-to-account-takeover</loc>
<lastmod>2024-09-25T16:13:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/wp-booking-calendar-1062-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ganohrs-toggle-shortcode/ganohrs-toggle-shortcode-024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-bibliplug/enhanced-bibliplug-138-authenticated-contirbutor-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T18:44:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/corner-ad/corner-ad-108-cross-site-scripting</loc>
<lastmod>2017-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyanyplace/surveyanyplace-plugin-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:24:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-523-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-2501-stored-cross-site-scripting</loc>
<lastmod>2014-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artibot/artibot-free-chat-bot-for-websites-117-reflected-cross-site-scripting-via-postmessage</loc>
<lastmod>2025-11-17T20:13:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alba-board/alba-board-213-missing-authorization-to-authenticated-subscriber-sensitive-information-disclosure-via-card_id-parameter</loc>
<lastmod>2026-06-05T10:26:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-plugin-154-cross-site-scripting</loc>
<lastmod>2019-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon/web-icons-10010-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-11218-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-plyr/simple-plyr-001-authenticated-contributor-stored-cross-site-scripting-via-poster-shortcode-attribute</loc>
<lastmod>2026-02-13T18:13:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-surveys/popup-surveys-polls-for-wordpress-mareio-136-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ona/ona-124-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saoshyant-element/saoshyant-element-12-reflected-cross-site-scripting</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/point-maker/point-maker-014-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1258-authenticated-subscriber-restricted-usermeta-modification-via-htmlvar-parameter</loc>
<lastmod>2026-04-09T12:42:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-tables/product-table-by-wbw-186-cross-site-request-forgery-via-savegroup</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crayon-syntax-highlighter/crayon-syntax-highlighter-plugin-113-remote-file-inclusion</loc>
<lastmod>2012-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/wp-simple-html-sitemap-27-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-revolution-of-a-slider-hero-slider-ecommerce-slider-31518-authenticated-contributor-stored-cross-site-scripting-via-blog-widget</loc>
<lastmod>2024-11-06T23:53:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uploading-svgwebp-and-ico-files/uploading-svg-webp-and-ico-files-121-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-181-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsanity/adsanity-182-authenticated-arbitrary-file-upload</loc>
<lastmod>2022-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arprice/arprice-413-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-401-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-bulk-product-editing/yith-plugins-by-yithemes-various-versions-cross-site-request-forgery</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance/wp-maintenance-605-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-15T12:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zingiri-tickets/zingiri-tickets-303-sensitive-information-disclosure</loc>
<lastmod>2012-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-elementor-addons/wpzoom-addons-for-elementor-templates-widgets-1137-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-392-authentication-bypass</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1434-missing-authorization</loc>
<lastmod>2025-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-191-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-122-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-post-generator/ai-post-generator-autowriter-35-missing-authorization-to-authenticated-contributor-postpage-deletion</loc>
<lastmod>2024-12-11T15:25:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-event-calendar/spidercalendar-149-unauthenticated-sql-injection</loc>
<lastmod>2015-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-address-encoder/email-address-encoder-1023-cross-site-request-forgery-via-eae_clear_caches</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-981-984-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-271-authenticated-administrator-sql-injection</loc>
<lastmod>2024-06-06T15:55:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms-uploads/ninja-forms-file-uploads-extension-330-arbitrary-file-upload</loc>
<lastmod>2020-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-manager-powered-by-behance/behance-portfolio-manager-174-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-772-reflected-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paritypress/paritypress-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-26T13:05:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-content/private-content-8115-reflected-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/altair/altair-522-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-2022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-malware-protection/minioranges-malware-scanner-455-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-invoicing-for-woocommerce/pdf-invoices-packing-slips-generator-for-woocommerce-221-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wpjobster/wpjobster-635-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-712-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dentario/dentario-15-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-soundsystem/wp-soundsystem-342-authenticated-contributor-stored-cross-site-scripting-via-wpsstm-track-shortcode</loc>
<lastmod>2025-06-25T13:45:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-2160-cross-site-request-forgery</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-274-incomplete-authorization-via-save_image-and-save_images</loc>
<lastmod>2023-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kbase/knowledge-base-29-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-314-unauthenticated-content-injection</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hyori/hyori-136-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gplus-comments/comments-evolved-for-wordpress-163-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/developer/developer-126-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-theme-builder/xpro-theme-builder-1284-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-123116-missing-authorization</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-category/subscribe-to-category-273-missing-authorization</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zdstats/zdstatistics-201-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/videopro/videopro-2381-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/showhide-shortcode/showhide-shortcode-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazyest-backup/lazyest-backup-022-reflected-cross-site-scripting</loc>
<lastmod>2011-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-text-expander/wp-text-expander-101-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jch-optimize/jch-optimize-322-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-category-discount/category-discount-woocommerce-411-cross-site-request-forgery-via-wpcd_save_discount</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-firebase-sms-otp-verification/miniorange-otp-verification-with-firebase-360-privilege-escalation-via-registration-due-to-administrator-default-user-role-value</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-redirects-for-learndash/course-redirects-for-learndash-plugin-04-cross-site-request-forgery</loc>
<lastmod>2025-10-10T20:30:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sweetdate-core/sweetdate-core-115-reflected-cross-site-scripting</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-743-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-17T21:15:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexo-social-gallery/flexo-social-gallery-10006-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-google-spreadsheet-viewer/inline-google-spreadsheet-viewer-096-cross-site-request-forgery</loc>
<lastmod>2015-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wastia/wastia-113-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-expirator/post-expirator-251-contributor-arbitrary-post-schedule-deletion</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-event-registration-plugin-2123-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-photo-gallery-176-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/narnoo-commerce-manager/narnoo-commerce-manager-160-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pressforward/pressforward-528-cross-site-scripting</loc>
<lastmod>2022-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-312-cross-site-scripting</loc>
<lastmod>2015-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto/crypto-tool-222-unauthenticated-information-exposure-via-global-authentication-state</loc>
<lastmod>2025-11-10T15:07:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik-privacy-policy/oik-privacy-policy-1410-reflected-cross-site-scripting</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/patiotime/patiotime-21-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-check_mollie_account_details</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-banner-manager-59-cross-site-request-forgery</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-information-disclosure-email-address</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2j-slideshow/slideshow-image-slider-by-2j-1331-authorization-bypass</loc>
<lastmod>2020-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-224-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/appius/appius-theme-10-full-path-disclosure</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twentig/twentig-197-authenticated-contributor-stored-cross-site-scripting-via-featuredimagesizewidth</loc>
<lastmod>2026-03-28T13:21:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-in-place/search-in-place-10104-cross-site-request-forgery-to-feedback-submission</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-548-reflected-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pubsubhubbub/websub-fka-pubsubhubbub-314-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitemap-by-click5/sitemap-by-click5-1035-unauthenticated-arbitrary-options-update</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personizely/personizely-010-authenticated-contributor-stored-cross-site-scripting-via-widgetid-parameter</loc>
<lastmod>2025-05-02T11:34:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-image/seo-friendly-images-305-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezoic-integration/ezoic-288-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accesspress-social-icons/accesspress-social-icons-180-author-sql-injection</loc>
<lastmod>2020-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-890-missing-authorization-to-authenticated-subscriber-delete-arbitrary-b2s-post-records-via-postid-parameter</loc>
<lastmod>2026-05-12T15:27:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-733-authenticated-contributor-stored-cross-site-scripting-via-src-parameter</loc>
<lastmod>2025-03-03T20:32:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2175-authenticated-subscriber-php-object-injection-via-auxin_template_control_importer</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-before-download/email-before-download-67-admin-sql-injection</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-google-cloud-print-gcp-woocommerce/bizprint-467-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-post/related-post-2053-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-gutenberg-blocks/gutenberge-blocks-218-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-489-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captain-slider/captain-slider-106-stored-cross-site-scripting</loc>
<lastmod>2015-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demon-image-annotation/demon-image-annotation-53-authenticated-administrator-sql-injection</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-conditional-captcha/conditional-captcha-400-unauthenticated-open-redirect</loc>
<lastmod>2026-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pricing-tables/easy-pricing-tables-312-author-stored-cross-site-scripting</loc>
<lastmod>2022-05-27T13:43:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cool-video-gallery/cool-video-gallery-19-authenticated-command-injection</loc>
<lastmod>2015-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamicconditions/dynamic-conditions-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/butcher/butcher-240-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadpages/leadpages-113-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-events/event-rsvp-and-simple-event-management-plugin-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-25T13:46:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ireca/ireca-185-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3121-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-maps/10web-map-builder-for-google-maps-1072-unauthenticated-sql-injection</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-1723-missing-authorization-to-unauthenticated-limited-file-upload</loc>
<lastmod>2025-01-15T21:22:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-info/debug-info-1310-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-fussball-de-widgets/include-fussballde-widgets-400-authenticated-contributor-stored-cross-site-scripting-via-api-and-type</loc>
<lastmod>2025-11-10T15:26:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mangboard/mangboard-199-sql-injection</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-widget/social-media-widget-40-arbitrary-file-upload</loc>
<lastmod>2013-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-294-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/simple-html-sitemap-38-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-416-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/deny-all-firewall/deny-all-firewall-116-cross-site-request-forgery</loc>
<lastmod>2019-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-cache-252-unauthenticated-exposure-of-sensitive-information-to-an-unauthorized-actor-via-crafted-login-cookie</loc>
<lastmod>2026-05-28T14:55:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-data-request-form/gdpr-data-request-form-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows/funnel-builder-130-arbitrary-plugin-activation</loc>
<lastmod>2019-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dispatcher/wp-dispatcher-120-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-10-02T22:18:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phpsword-favicon-manager/pk-favicon-manager-21-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-plugin/gallery-by-bestwebsoft-customizable-image-and-photo-galleries-for-wordpress-478-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vintwood/vintwood-118-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vslider/vslider-multi-image-slider-412-missing-authorization</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-widget-for-elementor-page-builder-gutenberg-blocks-form-builder-221-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-14T15:59:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-thumbnail/auto-thumbnails-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:24:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-prayer-time-for-mosques/daily-prayer-time-20231013-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-core/event-espresso-core-4106p-reflected-cross-site-scripting</loc>
<lastmod>2021-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webappick-product-feed-for-woocommerce/ctx-feed-656-authenticated-shop-manager-arbitrary-options-update</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coon-google-maps/coon-google-maps-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T15:12:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-staff-directory/employee-directory-121-authenticated-contributor-stored-cross-site-scripting-via-form_title-shortcode-attribute</loc>
<lastmod>2026-02-05T19:15:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-wish-lists/easy-digital-downloads-wish-lists-111-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-control/content-control-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-preview-emails/preview-e-mails-for-woocommerce-168-reflected-cross-site-scripting</loc>
<lastmod>2021-11-18T16:38:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-2156-remote-file-inclusion</loc>
<lastmod>2016-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3267-missing-authorization-to-information-disclosure</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-ai-powered-classified-ads-business-directory-plugin-538-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-4218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-chocolate/chocolate-wp-responsive-photography-theme-all-versions-remote-file-inclusion</loc>
<lastmod>2013-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timthumb-vulnerability-scanner/timthumb-vulnerability-scanner-154-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3841-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forumwp/forumwp-forum-discussion-board-216-authenticated-subscriber-stored-cross-site-scripting-via-display-name</loc>
<lastmod>2026-01-05T14:45:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nirweb-support/nirweb-support-279-sql-injection</loc>
<lastmod>2022-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2443-authenticated-contributor-store-cross-site-scripting-via-widget-link-to-url</loc>
<lastmod>2024-06-04T17:26:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockwheels/blockwheels-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-invalid-click-protection/ads-invalid-click-protection-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cresta-addons-for-elementor/cresta-addons-for-elementor-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-212-authenticated-contributor-stored-cross-site-scripting-via-urls</loc>
<lastmod>2024-06-05T15:28:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fushion-theme/fusion-21-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-warfare/social-sharing-plugin-social-warfare-4451-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-best-wordpress-survey-plugin-366-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/echelon/echelon-24-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jc-importer/import-wp-export-and-import-csv-and-xml-files-to-wordpress-21416-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2025-10-31T17:58:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-import/advanced-import-137-cross-site-request-forgery</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-html5-file-upload/jquery-html5-file-upload-30-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2017-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-click-demo-import/one-click-demo-import-320-authenticated-admin-php-object-injection</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/croprefine/croprefine-121-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-recommendation-quiz-for-ecommerce/product-recommendation-quiz-for-ecommerce-210-missing-authorization-in-prq_set_token</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3861-unauthenticated-sql-injection-via-listing-grid-filtered_query-parameter</loc>
<lastmod>2026-03-23T16:17:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-3123-unauthenticated-sql-injection-via-form_id</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-71127-cross-site-request-forgery</loc>
<lastmod>2019-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vrpconnector/vrpconnector-201-unauthenticated-php-object-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mocho-blog/mocho-blog-104-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-471-stored-cross-site-scripting-via-theme-directory-name</loc>
<lastmod>2017-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmatic/replyable-subscribe-to-comments-and-reply-by-email-229-authenticated-subscriber-php-object-injection-via-prompt_dismiss_notice</loc>
<lastmod>2023-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aklamator-infeed/aklamator-infeed-200-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-150-unauthenticated-sql-injection</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arprice/arprice-wordpress-pricing-table-plugin-413-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1190-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/deepdigital/deepdigital-102-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightweight-accordion/lightweight-accordion-1520-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-14T14:20:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/language-switcher/language-switcher-3713-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-ajax/login-with-ajax-41-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms/piotnet-forms-1025-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3221-authenticated-contributor-arbitrary-svg-download</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-205-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/common-ninja/common-ninja-fully-customizable-perfectly-responsive-free-widgets-for-wordpress-websites-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:45:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jigoshop-store-toolkit/jigoshop-store-toolkit-140-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-feed/social-feed-220-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sahifa/sahifa-240-full-path-disclosure</loc>
<lastmod>2013-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viglink-spotlight-by-shortcode/viglink-spotlight-by-shortcode-10a-authenticated-contributor-stored-cross-site-scripting-via-float-shortcode-attribute</loc>
<lastmod>2025-12-11T14:32:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-rets/simplyrets-real-estate-idx-322-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/progress/progress-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formfacade/formfacade-141-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailkit/emailkit-email-customizer-for-woocommerce-wp-162-missing-authorization-to-authenticated-subscriber-arbitrary-post-title-modification</loc>
<lastmod>2026-02-17T16:26:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-206-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-flash-uploader/flash-uploader-312-arbitrary-command-execution</loc>
<lastmod>2014-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-501-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attribute</loc>
<lastmod>2026-02-24T20:52:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-file/include-file-1-authenticated-contributor-arbitrary-file-download</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/justclick-subscriber/justclick-registration-plugin-01-reflected-cross-site-scripting-via-php_self</loc>
<lastmod>2026-01-23T19:24:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-logo-editor-by-oizuled/login-logo-editor-133-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberpress/memberpress-11129-authenticated-contributor-stored-cross-site-scripting-via-arglist-parameter</loc>
<lastmod>2024-05-21T20:02:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-5210-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-column-tag-map/multi-column-tag-map-17039-authenticated-administrator-stored-cross-site-scripting-via-mctm_css_conditional-parameter</loc>
<lastmod>2026-01-06T20:34:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpradio/wpradio-wordpress-radio-streaming-plugin-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T14:11:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-word-cloud/custom-word-cloud-03-authenticated-contributor-stored-cross-site-scripting-via-angle-parameter</loc>
<lastmod>2025-08-01T18:51:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ics-calendar/ics-calendar-101202-authenticated-contributor-arbitrary-file-read-and-server-side-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12320-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-prune-posts/auto-prune-posts-180-cross-site-request-forgery-via-admin_menu</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/refund-request-for-woocommerce/refund-request-for-woocommerce-10-missing-authorization-to-authenticated-subscriber-refund-status-update</loc>
<lastmod>2025-11-24T19:16:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-1686-stored-cross-site-scripting</loc>
<lastmod>2022-01-10T13:42:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eltdf-membership/elated-membership-12-authentication-bypass-via-social-login</loc>
<lastmod>2025-12-09T13:16:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpa-seo-auto-linker/seo-auto-linker-153-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonka-slide/wonka-slide-133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-06T20:21:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/emallshop/emallshop-2421-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-app-online/build-app-online-1018-unauthenticated-sql-injection</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/circle-image-slider-with-lightbox/team-circle-image-slider-with-lightbox-1015-reflected-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-172-full-path-disclosure</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/night-mode/night-mode-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-js-manager/css-js-manager-2449-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-218-cross-site-request-forgery-to-authenticated-subscriber-assistant-modification</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-custom-code/easy-custom-code-lesscssjs-live-editing-108-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gunslinger/gunslinger-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-287-missing-authorization-to-information-disclosure-sd_constants</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-payment-gateway-for-piraeus-bank/piraeus-bank-woocommerce-payment-gateway-1651-unauthenticated-sql-injection</loc>
<lastmod>2024-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-addcounts</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3228-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-divi-shortcode/simple-divi-shortcode-12-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-05-28T16:58:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-881-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/konzept/konzept-unkown-versions-arbitrary-file-upload</loc>
<lastmod>2014-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uix-slideshow/uix-slideshow-165-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-11-15T15:08:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copymatic/copymatic-ai-content-writer-generator-21-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-07-17T16:19:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gm-woocommerce-quote-popup/product-enquiry-for-woocommerce-31-reflected-cross-site-scripting</loc>
<lastmod>2024-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-gutenberg-blocks-225-authenticated-author-phar-deserialization</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a-team-showcase/team-builder-157-missing-authorization</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pi-woocommerce-order-date-time-and-type/order-date-time-for-woocommerce-3019-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flipclock/wp-flipclock-191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-post-revisions-on-single-click/delete-post-revisions-in-wordpress-46-cross-site-request-forgery</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-185-missing-authorization</loc>
<lastmod>2025-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-table-field/advanced-custom-fields-table-field-1113-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-238-239-missing-authorization</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/genemy/genemy-creative-minimal-landing-page-builder-for-digital-startup-design-studio-agency-in-marketing-166-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ione360-configurator/ione360-configurator-2057-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-blocks/productx-gutenberg-woocommerce-blocks-278-missing-authorization-via-option_data_save</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kapee/kapee-171-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-shortcodes-inside-widgetscomments-and-experts/enable-shortcodes-inside-widgetscomments-and-experts-100-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-10-29T13:34:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agency-toolkit/agency-toolkit-1024-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/CF7-autoresponder-addon/cf7-auto-responder-addon-24-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsynchro/wp-migration-plugin-db-files-wp-synchro-191-cross-site-request-forgery</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-type-manager/custom-content-type-manager-0987-0988-malicious-backdoor</loc>
<lastmod>2016-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-user-profile-builder-membership-2916-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2815-unauthenticated-privilege-escalation-admin-account-takeover-via-registration-confirmation-email-to-id-type-confusion</loc>
<lastmod>2026-03-23T11:19:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-152-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-6918-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/retro-winamp-block/terser-js-package-5142-denial-of-service</loc>
<lastmod>2022-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/wordpress-webinar-plugin-webinarpress-13324-missing-authorization-to-authenticated-subscriber-arbitrary-file-creation</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtg-advanced-blocks/gutengeek-free-gutenberg-blocks-for-wordpress-113-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-24T12:21:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/deeper-comments/deeper-comments-211-missing-authorization-to-authenticatedsubscriber-arbitrary-options-update</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bridge/bridge-theme-182-qode-instagram-widget-201-qode-twitter-feed-200-open-redirect</loc>
<lastmod>2019-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chopslider/chop-slider-3-34-unauthenticated-sql-injection</loc>
<lastmod>2020-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-290-missing-authorization</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/text-to-audio/text-to-speech-tts-accessibility-1930-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-odoo-form-integrator/wp-odoo-form-integrator-110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3107-authenticated-contributor-stored-cross-site-scripting-via-ms_slider-shortcode</loc>
<lastmod>2025-03-04T21:15:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fiverr-official-search-box/fiverrcom-official-search-box-108-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elements/easy-elements-for-elementor-addons-website-templates-149-unauthenticated-privilege-escalation-via-custom_meta-parameter</loc>
<lastmod>2026-05-21T16:07:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timelineoptinpro/timelineoptinpro-plugin-all-versions-cross-site-scripting</loc>
<lastmod>2013-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timezonecalculator/timezonecalculator-337-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-25T13:44:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-confirmation-email/user-email-verification-for-woocommerce-350-authentication-bypass</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedblitz-email-subscription/subscription-form-for-feedblitz-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-5012-missing-authorization-to-api-key-manipulation</loc>
<lastmod>2024-10-25T19:31:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filedownload/file-download-14-open-proxy</loc>
<lastmod>2017-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/near-login/login-with-near-033-authentication-bypass-via-account-parameter</loc>
<lastmod>2026-05-26T17:24:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-by-lightspeed-ecommerce-shopping-cart-61227-cross-site-request-forgery-to-send-deactivation-message</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sweepwidget/sweepwidget-contests-giveaways-photo-contests-competitions-206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:26:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-637-missing-authorization-to-authenticated-contributor-arbitrary-file-operations-deletion-move-folder-creation-download-via-frontmanage-shortcode-attribute</loc>
<lastmod>2026-06-19T20:27:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmp-coming-soon-maintenance/cmp-381-missing-authorization</loc>
<lastmod>2020-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-700-authenticatedshop-manager-sensitive-information-exposure</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authors-list/authors-list-2061-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3151-authenticated-subscriber-sensitive-information-exposure-via-insecure-direct-object-reference</loc>
<lastmod>2026-04-14T12:23:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fwd-slider/fwd-slider-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-cms-block/wp-custom-cms-block-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-290-sensitive-information-exposure</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tz-zoomifywp-free/zoomifywp-free-11-authenticated-contributor-stored-cross-site-scripting-via-filename-shortcode-attribute</loc>
<lastmod>2026-02-13T18:18:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jinshuju/-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitekit/sitekit-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sctv-sales-countdown-timer/sales-countdown-timer-for-woocommerce-and-wordpress-1181-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aajoda-testimonials/aajoda-testimonials-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asset-manager/asset-manager-03-arbitrary-file-upload</loc>
<lastmod>2012-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-free-downloads/easy-digital-downloads-free-downloads-103-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsplugin/newsplugin-1018-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress/bbpress-264-authenticated-admin-stored-cross-site-scripting-via-the-forums-list-table</loc>
<lastmod>2020-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/o2s-gallery/o2s-gallery-10-reflected-cross-site-scripting</loc>
<lastmod>2013-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-511-cross-site-request-forgery</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-plugin-for-woocommerce/custom-user-registration-fields-for-woocommerce-212-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsplacer/adsplacer-ad-manager-inserter-adsense-ads-115-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ceceppa-multilingua/ceceppa-multilingua-1517-reflected-cross-site-scripting</loc>
<lastmod>2020-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-price-calculator-basic/simple-price-calculator-13-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-506-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-710-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sala/sala-113-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-2416-authenticated-subscriber-arbitrary-file-deletion-via-post-body</loc>
<lastmod>2026-04-03T22:11:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sc-simple-zazzle/sc-simple-zazzle-116-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-management/wpchurch-270-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmash/postmash-custom-post-order-120-reflected-cross-site-scripting-via-m</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-475-cross-site-scripting-via-customizer</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-680-cross-site-request-forgery</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/attire/attire-206-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-08-30T14:33:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appmysite/appmysite-3150-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arprice-responsive-pricing-table/pricing-table-plugin-23-cross-site-request-forgery</loc>
<lastmod>2019-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-5973-cross-site-scripting</loc>
<lastmod>2020-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversational-forms/conversational-forms-for-chatbot-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-2482-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-466-reflected-cross-site-scripting</loc>
<lastmod>2021-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1133-authenticated-employee-insecure-direct-object-reference</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-style/custom-style-10-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-651-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-533-authenticated-cross-site-scripting</loc>
<lastmod>2016-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-buddypress-community-user-profile-social-network-membership-plugin-for-wordpress-133-missing-authorization-to-authenticated-subscriber-limited-options-update-save_addon_key_license</loc>
<lastmod>2025-01-24T18:53:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-subscribe-button/podlove-subscribe-button-1310-authenticated-contributor-sql-injection</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5103-missing-authorization-to-authenticated-subscriber-arbitrary-theme-options-update</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-3259-authenticated-contributor-stored-cross-site-scripting-via-typography-settings</loc>
<lastmod>2024-12-20T21:06:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-attachments/wp-attachments-5011-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-244-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-event-calendar/all-in-one-events-calendar-110-sql-injection</loc>
<lastmod>2013-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/techone/techone-303-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-counter/simple-download-counter-23-authenticated-contributor-stored-cross-site-scripting-via-text-shortcode-attribute</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-smart-bot-blocking-intrusion-prevention-security-2005-reflected-cross-site-scripting</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3620-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravityforms-196-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-pro-plus-4820-authenticated-instructor-sql-injection-via-columns-parameter</loc>
<lastmod>2026-06-03T11:45:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist-social-login/directorist-social-login-211-unauthenticated-privilege-escalation</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eduadmin-booking/eduadmin-booking-520-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-hd-flv-player/hd-flv-player-17-arbitrary-file-upload</loc>
<lastmod>2012-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecab-taxi-booking-manager/taxi-booking-manager-for-woocommerce-wordpress-plugin-ecab-109-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-203-directory-traversal</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dtracker/dtracker-15-missing-authorization</loc>
<lastmod>2017-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailhawk/wordpress-smtp-service-email-delivery-solved-mailhawk-131-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-downloads/sell-downloads-107-improper-input-validation</loc>
<lastmod>2015-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-awesome-import-export/wordpress-awesome-import-export-plugin-import-export-wordpress-data-411-missing-authorization-to-authenticated-subscriber-arbitrary-sql-executionprivilege-escalation</loc>
<lastmod>2025-03-04T21:05:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-data-logger/wp-logger-22-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-3352-missing-authorization</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uber-grid/wordpress-portfolio-builder-portfolio-gallery-117-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bravo-translate/bravo-translate-12-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activity-reactions-for-buddypress/activity-reactions-for-buddypress-1022-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-with-ticket-scanner/event-tickets-with-ticket-scanner-2311-authenticated-author-remote-code-execution</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-3141-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexi-quote-rotator/flexi-quote-rotator-094-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-270-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-link/amazon-link-3210-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-1513-arbitrary-email-content-change</loc>
<lastmod>2005-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-1171-missing-authorization-to-unauthenticated-rollback-cancellation</loc>
<lastmod>2026-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subscription-forms-pro/wp-subscription-forms-pro-205-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orbisius-child-theme-creator/child-theme-creator-154-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aphorismus/aphorismus-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apptivo-business-site/apptivo-business-site-crm-53-missing-authorization-to-arbitrary-content-deletion</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-blocks-for-gutenberg/premium-blocks-gutenberg-blocks-for-wordpress-2133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-323-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/wp-foodbakery-48-reflected-cross-site-scripting</loc>
<lastmod>2025-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-manager/contact-form-manager-141-reflected-cross-site-scripting</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbenchmark/wordpress-hosting-benchmark-tool-136-cross-site-request-forgery-via-execute_plugin</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-140-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hrm-lite-human-resource-management-system/wp-hrm-lite-11-unauthenticated-sql-injection</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-se/slideshow-se-2517-authenticated-author-limited-local-file-inclusion</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-editor/front-end-editor-23-arbitrary-file-upload</loc>
<lastmod>2012-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clictracker/wp-clictracker-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jet-engine-362-authenticated-contributor-stored-cross-site-scripting-via-list_tag-parameter</loc>
<lastmod>2025-01-17T18:34:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-389-unauthenticated-privilege-escalation</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rest-cache/wp-rest-cache-202510-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kudos-donations/kudos-donations-easy-donations-and-payments-with-mollie-329-reflected-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/firsth3tagadsense/sandwich-adsense-402-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirection/redirection-363-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2018-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-custom-order-status/ni-woocommerce-custom-order-status-196-sql-injection</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jw-player-plugin-for-wordpress/jw-player-plugin-for-wordpress-2114-reflected-cross-site-scripting</loc>
<lastmod>2015-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/product-table-and-list-builder-for-woocommerce-lite-462-unauthenticated-time-based-sql-injection-via-search-parameter</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optincraft/optincraft-120-authenticated-administrator-sql-injection-via-order_by-parameter</loc>
<lastmod>2026-06-05T13:57:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-ui/custom-post-type-ui-1134-cross-site-request-forgery-to-sensitive-information-exposure</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode-from-acurax/under-construction-maintenance-mode-from-acurax-26-information-exposure</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-2012-arbitrary-file-deletion</loc>
<lastmod>2016-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/cp-polls-1071-unauthenticated-content-injection</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magnitudo/magnitudo-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hermit/hermit-316-multiple-cross-site-request-forgery</loc>
<lastmod>2022-04-28T13:11:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-554-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundcloud-is-gold/soundcloud-is-gold-231-reflected-cross-site-scripting</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-booking-calendar-2014-reflected-cross-site-scripting</loc>
<lastmod>2021-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freesoul-deactivate-plugins/freesoul-deactivate-plugins-213-cross-site-request-forgery-via-eos_dp_pro_delete_transient</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dollie/dollie-hub-build-your-own-wordpress-cloud-platform-620-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webappick-product-feed-for-woocommerce/product-feed-manager-for-woocommerce-ctx-feed-support-220-shopping-social-channels-6626-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/merge-minify-refresh/merge-minify-refresh-214-cross-site-request-forgery</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearpay-gateway-for-woocommerce/clearpay-gateway-for-woocommerce-350-reflected-cross-site-scripting</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-431-authenticated-subscriber-stored-cross-site-scripting-via-get_profile_social</loc>
<lastmod>2025-12-15T02:25:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-banner-manager-5177-authenticated-contributor-php-code-injection-via-banner-shortcode-attribute</loc>
<lastmod>2026-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pre-publish-post-checklist/pre-publish-post-checklist-31-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/brevo-email-sms-web-push-chat-and-more-330-unauthenticated-authorization-bypass-via-type-juggling</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3302-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11340-reflected-cross-site-scripting</loc>
<lastmod>2020-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-wishlist/wpc-smart-wishlist-for-woocommerce-298-reflected-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flat-preloader/flat-preloader-150-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-322-reflected-cross-site-scripting-via-ppress_cc_data-parameter</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-zendesk/wp-zendesk-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-114-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1110-unauthenticated-shortcode-injection-leading-to-arbitrary-quiz-result-disclosure-via-quiz-answer-text-input-fields</loc>
<lastmod>2026-04-16T16:42:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor-pro/piotnet-addons-for-elementor-pro-7117-cross-site-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/naturalife-extensions/naturalife-extensions-21-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xenon/xenon-bootstrap-admin-theme-with-angularjs-13-reflected-cross-site-scripting</loc>
<lastmod>2020-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-1618-missing-authorization-via-export_form_entries</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-454-authenticated-custom-sql-injection-via-after-parameter</loc>
<lastmod>2026-06-25T13:02:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-manual-purchases/manual-purchases-110-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/event-manager-events-calendar-tickets-registrations-eventin-4024-missing-authorization-to-unauthenticated-payment-status-update</loc>
<lastmod>2025-03-19T17:03:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookme-free-appointment-booking-system/bookme-42-authenticated-admin-sql-injection-via-filterstatus-parameter</loc>
<lastmod>2025-11-24T19:08:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-856-missing-authorization-via-set_read</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getty-images/getty-images-410-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-advanced-fields/user-registration-advanced-fields-1620-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-05-01T15:46:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/house-manager/house-manager-easy-renter-management-system-for-wordpress-1084-reflected-cross-site-scripting</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onestore-sites/onestore-sites-011-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-02-26T15:28:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-736-cross-site-request-forgery</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3332-missing-authorization-to-authenticated-subscriber-media-attachment-password-disclosure</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-config-file-editor/wp-config-file-editor-171-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omigo/omigo-33-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-06T20:23:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quicklatex/wp-quicklatex-387-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-694-sensitive-information-exposure-via-log-file</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-page-builder-features-3219-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alex-reservations/alex-reservations-smart-restaurant-booking-223-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-11-07T21:13:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adaptive-images/adaptive-images-for-wordpress-0666-local-file-inclusion</loc>
<lastmod>2019-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mui-mass-user-input/wp-mui-mass-user-input-add-and-export-wp-users-quickly-18-missing-authorization</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-star-rating/gd-star-rating-1922-cross-site-scripting</loc>
<lastmod>2011-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1563-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/togo/togo-104-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jsm-show-post-meta/jsm-show-post-metadata-460-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-37-arbitrary-file-upload</loc>
<lastmod>2015-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-274-arbitrary-file-upload</loc>
<lastmod>2019-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15112-authenticated-contributor-stored-cross-site-scripting-via-username</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebay-feeds-for-wordpress/ebay-product-feeds-349-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-323-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/montezuma/montezuma-118-cross-site-scripting</loc>
<lastmod>2013-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-manager-powered-by-behance/behance-portfolio-manager-175-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-hotel/easy-hotel-booking-184-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memphis-documents-library/memphis-documents-library-315-arbitrary-file-download</loc>
<lastmod>2016-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingcom-banner-creator/bookingcom-banner-creator-142-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-598-authenticated-contributor-stored-cross-site-scripting-via-accordion</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-920-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-4560-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protected/password-protected-ultimate-plugin-to-password-protect-your-wordpress-content-with-ease-266-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-112-missing-authorization</loc>
<lastmod>2026-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-1121-missing-authorization-to-authenticated-contributor-information-disclosure</loc>
<lastmod>2025-10-13T16:24:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-history/simple-history-107-sensitive-information-disclosure</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-reachship-multi-carrier-conditional-shipping/reachship-woocommerce-multi-carrier-conditional-shipping-431-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-queue_posts</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motopress-slider-lite/responsive-wordpress-slider-220-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-post-grid/wp-ultimate-post-grid-393-authenticated-contributor-stored-cross-site-scripting-via-wpupg-grid-with-filters-shortcode</loc>
<lastmod>2024-10-10T18:52:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-1363-reflected-cross-site-scripting-via-really_curr_tax-parameter</loc>
<lastmod>2024-11-19T09:21:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-522-stored-cross-site-scripting</loc>
<lastmod>2014-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-ad-manager-plugin/wp-google-ad-manager-plugin-110-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2026-01-27T21:47:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-all-in-one-for-wp/dsgvo-all-in-one-for-wp-43-cross-site-request-forgery</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-123-subscriber-user-avatar-override</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-602-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T19:17:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-widget/wordpress-ad-widget-2110-local-file-inclusion</loc>
<lastmod>2017-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vaultpress/vaultpress-186-remote-code-execution</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-payments/accept-stripe-payments-2086-authenticated-contributor-stored-cross-site-scripting-via-accept_stripe_payment_ng-shortcode</loc>
<lastmod>2024-08-06T23:21:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3930-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-398-authenticated-subscriber-arbitrary-course-content-manipulation-via-tutor_update_course_content_order</loc>
<lastmod>2026-04-16T15:10:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-link-to-facebook/add-link-to-facebook-23-stored-cross-site-scripting</loc>
<lastmod>2018-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-614-authenticated-submitter-arbitrary-file-deletion</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3114-missing-authorization-in-several-ajax-actions</loc>
<lastmod>2024-08-23T14:20:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-telegram/contact-form-7-telegram-085-missing-authorization-to-authenticated-subscriber-subscription-approvepauserefuse</loc>
<lastmod>2024-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedback-modal-for-website/feedback-modal-for-website-101-missing-authorization-to-unauthenticated-arbitrary-feedback-data-exfiltration-via-export_data-parameter</loc>
<lastmod>2025-12-04T16:30:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codeconfig-accessibility/accessiy-by-codeconfig-accessibility-easy-one-click-accessibility-toolbar-that-truly-matters-102-authenticated-subscriber-missing-authorization-to-modify-accessibility-settings</loc>
<lastmod>2025-12-05T17:47:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-anti-spam/maspik-spam-blacklist-212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/10centmail-subscription-management-and-analytics/10centmail-2150-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mmm-file-list/mmm-simple-file-list-23-authenticated-subscriber-directory-traversal</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/country-flags-for-elementor/country-flags-for-elementor-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgraphql-smart-cache/wpgraphql-smart-cache-201-unauthenticated-private-content-disclosure</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-200-unauthenticated-php-object-injection</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15109-authenticated-contributor-blind-sql-injection-via-dataaddonid-parameter</loc>
<lastmod>2024-06-05T21:21:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suremembers/suremembers-1106-sensitive-information-exposure</loc>
<lastmod>2025-02-25T15:14:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth-client/oauth-20-client-for-sso-1113-authentication-bypass</loc>
<lastmod>2022-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox-voting/starbox-voting-204-full-path-disclosure</loc>
<lastmod>2011-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/front-user-submit-front-editor-370-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-saveredirectsettings-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-duplicator/easy-post-duplicator-101-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-find-your-nearest/wp-find-your-nearest-031-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slingblocks/slingblocks-gutenberg-blocks-by-funnelkit-formerly-woofunnels-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-07T21:25:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accounting-for-woocommerce/accounting-for-woocommerce-166-reflected-cross-site-scripting</loc>
<lastmod>2024-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcleaner/wp-cleaner-115-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-1920-cross-site-scripting</loc>
<lastmod>2010-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seur/seur-oficial-160-cross-site-scripting</loc>
<lastmod>2021-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-129-authenticated-admin-phar-deserialization</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-carousel-free/carousel-slider-gallery-by-wp-carousel-252-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ele-blog/eleblog-elementor-blog-and-magazine-addons-18-missing-authorization-to-authenticated-subscriber-deactivation-submission</loc>
<lastmod>2024-12-03T14:18:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-the-1-gamification-plugin-to-reward-points-achievements-badges-ranks-in-wordpress-686-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailster/mailster-2451-stored-cross-site-scripting</loc>
<lastmod>2020-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickwhale/clickwhale-link-manager-link-shortener-and-click-tracker-for-affiliate-links-link-pages-241-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genie-wp-favicon/genie-wp-favicon-052-cross-site-request-forgery</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-pro/dokan-pro-405-authenticated-vendor-privilege-escalation</loc>
<lastmod>2025-08-25T16:11:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-gallery/portfolio-gallery-photo-gallery-118-authenticated-admin-sql-injection</loc>
<lastmod>2023-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-115-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-13109-cross-site-scripting</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-affiliation/lws-affiliation-236-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-wp-rest-api/ultimate-endpoints-with-rest-api-222-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T15:17:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thebing-snippet/fidelo-snippet-112-reflected-cross-site-scripting</loc>
<lastmod>2025-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-4812-authenticated-contributor-stored-cross-site-scripting-via-inline-svg</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-1013-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-714-unauthenticated-backup-download</loc>
<lastmod>2020-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/industrial-lite/industrial-lite-108-missing-authorization</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-516-authentication-bypass</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-427-reflected-cross-site-scripting</loc>
<lastmod>2019-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-user-roles/premmerce-user-roles-1013-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-306-cross-site-request-fogery-via-do_admin_action</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-11542-unauthenticated-sql-injection-via-inputs</loc>
<lastmod>2026-05-04T18:43:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gm-woocommerce-quote-popup/product-enquiry-for-woocommerce-30-cross-site-request-forgery</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dl-leadback/dl-leadback-121-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-category-and-custom-taxonomy-image/advanced-category-and-custom-taxonomy-image-109-authenticated-contributor-stored-cross-site-scripting-via-ad_tax_image-shortcode</loc>
<lastmod>2024-10-17T21:27:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-compare-block/beaf-162-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2111-authenticated-privilege-escalation-via-profile-update</loc>
<lastmod>2020-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders/folders-315-incorrect-authorization-to-authenticated-contributor-folder-content-manipulation</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-pp/duplicate-post-page-and-any-custom-post-355-authenticated-contributor-post-disclosure-via-post-duplication</loc>
<lastmod>2025-01-06T15:07:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-51273-reflected-cross-site-scripting</loc>
<lastmod>2019-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/absolute-privacy/absolute-privacy-21-cross-site-request-forgery-to-user-emailpassword-change</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpie-faq/helpie-faq-198-reflected-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rehub-theme/rehub-19991-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2216-authenticated-parent-sql-injection</loc>
<lastmod>2025-03-14T14:23:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-241-authenticated-stored-cross-site-scripting-via-element-content</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uroan-core/uroan-core-144-unauthenticated-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyberus-key/cyberus-key-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail/wp-mail-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1381-authenticated-contributor-local-file-inclusion-via-progress_type</loc>
<lastmod>2024-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suremails/suremail-smtp-and-email-logs-plugin-with-amazon-ses-postmark-and-other-providers-190-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-12-01T19:54:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-224-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-209-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendar-wd/eventcalendar-1121-cross-site-scripting</loc>
<lastmod>2018-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-anti-spam/maspik-spam-blacklist-0103-bypass</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-114-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-596-authenticated-contributor-stored-cross-site-scripting-via-events_cal-shortcode</loc>
<lastmod>2024-11-05T23:36:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aweber-web-form-widget/aweber-free-sign-up-form-and-landing-page-builder-plugin-for-lead-generation-and-email-newsletter-growth-by-aweber-7314-authenticated-admin-sql-injection</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-review-slider-pro/wp-review-slider-pro-1268-authenticated-subscriber-arbitrary-file-deletion-via-myaction-parameter</loc>
<lastmod>2026-06-15T20:44:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everviz/everviz-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T20:17:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-275-authentication-bypass-to-account-takeover</loc>
<lastmod>2024-08-09T13:23:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-144-cross-site-request-forgery</loc>
<lastmod>2020-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1129-authenticated-accounting-manager-sql-injection-via-id</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-authenticator/google-authenticator-047-improper-authentication</loc>
<lastmod>2016-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-google-code-inserter/smart-google-code-inserter-35-unauthenticated-sql-injection</loc>
<lastmod>2018-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-security-policy/wp-content-security-plugin-23-unauthenticated-stored-cross-site-scripting-via-csp-report-fields</loc>
<lastmod>2025-05-14T13:58:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-for-woocommerce/membership-for-woocommerce-303-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-sms-addon/contact-form-7-clockwork-sms-241-reflected-cross-site-scripting</loc>
<lastmod>2017-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-easy-listing-directories-for-wordpress-5111-cross-site-request-forgery-to-arbitrary-listing-export</loc>
<lastmod>2021-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3250-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2022-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/regpack/regpack-01-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-rating/multi-rating-506-missing-authorization-to-arbitrary-ratings-value-change</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-308-missing-authorization-to-admin-username-change</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-watermark/ultimate-watermark-11-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-rewards-gamification-ranks-badges-loyalty-plugin-263-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-zillow-review-slider/wp-zillow-review-slider-23-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adthrive-ads/raptive-ads-363-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T19:34:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-ecommerce-shopping-cart-6123-missing-authorization-on-multiple-functions</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-email-only-on-reply-to-my-comment/send-email-only-on-reply-to-my-comment-106-reflected-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editorial-calendar/editorial-calendar-380-authenticatedcontributor-stored-cross-site-scripting-via-edcal_saveoptions-ajax-action</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/isida/isida-142-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodehub/shortcodehub-171-authenticated-contributor-stored-cross-site-scripting-via-author_link_target-parameter</loc>
<lastmod>2025-08-22T15:48:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-templates/email-templates-142-cross-site-request-forgery-via-send_test_email</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webdesignby-recaptcha/recaptcha-by-webdesignby-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-shortcode/post-shortcode-209-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-powerful-glossary-plugin-4211-cross-site-request-forgery</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeshark-elementor/themeshark-templates-widgets-for-elementor-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/buyent/buyent-theme-with-buyent-classified-plugin-107-unauthenticated-privilege-escalation-via-user-registration</loc>
<lastmod>2026-02-18T15:39:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/better-wp-security-363-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-361-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/butcher/butcher-254-reflected-cross-site-scripting</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-333-multiple-unauthenticated-sql-injections</loc>
<lastmod>2021-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-3031-arbitrary-wordpress-shortcode-injection</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-catcher/mail-logging-wp-mail-catcher-213-authenticated-admin-sql-injection</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-883-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-post-schedule-modification-via-b2s_id-parameter</loc>
<lastmod>2026-04-07T19:13:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-wp-query-search-filter/ultimate-wp-query-search-filter-1010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-parallax-content-slider/wp-parallax-content-slider-098-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-streams/social-streams-121-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-07-22T14:03:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/discy/discy-51-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-missing-authorization-to-settings-update-in-stopoptimizeall</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-plus/affiliate-plus-132-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-07-23T20:43:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-multi-criteria-reviews-for-woocommerce-with-google-reviews-schema-236-missing-authorization</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oxygen/oxygen-608-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-41732-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dreamstime-stock-photos/dreamstime-stock-photos-41-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-spam-embed-on-multisite-installations</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/station-pro/station-pro-242-authenticated-contributor-stored-cross-site-scripting-via-width-and-height-parameters</loc>
<lastmod>2025-07-23T20:39:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-519-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-shipping-usps/usps-shipping-for-woocommerce-live-rates-192-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-269-authenticated-contributor-stored-cross-site-scripting-via-countdown-timer-widget</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yt-cookie-nonsense/cookie-nonsense-for-yt-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/makeaholic/makeaholic-185-missing-authorization</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/en-masse-wp/en-masse-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/tag-category-and-taxonomy-manager-ai-autotagger-with-openai-3401-authenticated-contributor-sql-injection-via-order-by-clause</loc>
<lastmod>2025-12-05T16:26:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycustomwidget/my-custom-widgets-205-reflected-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-custom-sidebar/real-wordpress-sidebar-01-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-recent-posts-widget/smart-recent-posts-widget-104-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-streaming-player/silverlight-video-player-10-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-61-617-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/car/car-rental-system-13-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-buttons/wp-social-buttons-21-admin-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.3/wordpress-core-332-authorization-bypass</loc>
<lastmod>2012-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-blocks-pro/advanced-blocks-pro-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-09T13:27:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bodycenter/bodycenter-gym-fitness-woocommerce-wordpress-theme-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-150-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ecoblue/ecoblue-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-newsletter/email-newsletter-2015-unauthenticated-sql-injection</loc>
<lastmod>2015-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartasi-x-pay/nexi-xpay-830-missing-authorization-to-unauthenticated-order-status-modification</loc>
<lastmod>2026-04-14T09:14:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-holiday-calendar/the-holiday-calendar-1113-cross-site-scripting</loc>
<lastmod>2015-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-text-slider/simple-text-slider-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-350-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-11-04T19:53:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tarteaucitron-wp/tarteaucitronjs-for-wordpress-030-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-listings/impress-listings-262-missing-authorization</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-page-editor/login-page-editor-12-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-23T19:25:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salvador-ai-image-generator/salvador-ai-image-generator-1011-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode/wp-maintenance-mode-187-missing-authorization-checks-cross-site-request-forgery</loc>
<lastmod>2013-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arcadeready/arcade-ready-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amadiscount/amadiscount-10-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-3142-missing-authorization</loc>
<lastmod>2026-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-495-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-45-cross-site-request-forgery-to-account-logout</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-action-network/action-network-142-reflected-cross-site-scripting-via-search</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-1621-unauthenticated-stored-cross-site-scripting-via-referer</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-205-sql-injection</loc>
<lastmod>2007-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-category-gallery/post-categories-gallery-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:24:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/innovs-hr-manager/innovs-hr-1034-reflected-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guild-armory-roster/wow-guild-armory-roster-055-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-wp/wp-ghost-5401-unauthenticated-limited-file-read</loc>
<lastmod>2025-03-13T16:21:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3103-authenticated-contributor-stored-cross-site-scripting-via-photo-stack-widget</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyfunnel-lite/surveyfunnel-survey-plugin-for-wordpress-115-unauthenticated-information-exposure</loc>
<lastmod>2025-12-04T16:28:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gerencianet-official/gerencianet-oficial-148-missing-authorization</loc>
<lastmod>2023-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-assistant/debug-assistant-14-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9200-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bj-lazy-load/bj-lazy-load-109-authenticated-contributor-stored-cross-site-scripting-via-custom-html-block</loc>
<lastmod>2026-05-11T19:10:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-508-unauthenticated-cross-site-scripting</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonial-rotator/easy-testimonial-slider-and-form-102-authenticated-admin-sql-injection</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-wp-by-pushassist/push-notifications-for-wordpress-by-pushassist-308-reflected-cross-site-scripting</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-edit-username/wp-edit-username-105-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-show-core/wpb-show-core-26-reflected-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-table/product-table-for-woocommerce-312-missing-authorization</loc>
<lastmod>2022-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-consent-box/gdpr-cookie-consent-notice-box-116-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdvs-password-reset/password-reset-with-code-for-wordpress-rest-api-0015-weak-password-recovery-mechanism</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-1628-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-my-blog/print-my-blog-print-pdf-ebook-converter-wordpress-plugin-341-cross-site-request-forgery</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-machine/wp-time-machine-340-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T20:29:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-wp-audio-player/compact-wp-audio-player-199-authenticated-contributor-stored-cross-site-scripting-via-fileurl</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-hunt/gift-hunt-202-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/acerola/mulitple-themes-by-themeton-various-versions-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-by-supsystic/popup-by-supsystic-11019-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-367-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-xml-feed/import-xml-and-rss-feeds-213-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-22-cross-site-scripting</loc>
<lastmod>2007-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-setup-wizard/wp-setup-wizard-1081-authenticated-subscriber-full-database-download</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4294-missing-authorization</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-wp-security-backup-speed-growth-42-csv-injection</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-widgets-for-elementor/cryptocurrency-widgets-for-elementor-164-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-436-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-service-payment-form-with-authorizenet/wp-service-payment-form-with-authorizenet-263-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T15:14:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-login-and-signup-widget/custom-login-and-signup-widget-10-cross-site-request-forgery</loc>
<lastmod>2025-09-19T18:23:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anonymous-restricted-content/anonymous-restricted-content-162-protection-mechanism-bypass</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-440-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-sitemap/simple-sitemap-357-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/border-loading-bar/border-loading-bar-101-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copysafe-web/copysafe-web-protection-26-cross-site-request-forgery</loc>
<lastmod>2017-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-powerful-seo-plugin-to-boost-seo-rankings-increase-traffic-492-missing-authorization-to-authenticated-contributor-ai-access-token-and-credit-disclosure</loc>
<lastmod>2026-01-15T16:24:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-241-username-enumeration</loc>
<lastmod>2022-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asset-clean-up/asset-cleanup-1384-reflected-cross-site-scripting</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-show-single-variations-shop-category/show-variations-as-single-products-woocommerce-20-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cardealer/wp-cardealer-1216-unauthenticated-privilege-escalation</loc>
<lastmod>2025-12-10T12:04:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/raindrops/raindrops-1600-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-avatar-user-profile/3d-avatar-user-profile-100-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-548-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-06T17:30:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/key-figures/key-figures-11-authenticated-admin-stored-cross-site-scripting-via-kf_field_figure_default_color_render</loc>
<lastmod>2026-01-06T18:36:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-parsidate/parsi-date-401-reflected-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-images-rotator/ntp-header-images-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asynchronous-javascript/asynchronous-javascript-135-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-4155-authenticated-contributor-stored-cross-site-scripting-via-reg-single-checkbox</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/light-messages/light-messages-10-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultra-addons-for-contact-form-7-3511-3519-unauthenticated-stored-cross-site-scripting-via-database-module</loc>
<lastmod>2025-06-25T20:51:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shariff/shariff-wrapper-4613-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitelock/sitelock-security-502-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spin/spin-cricket-team-sports-wordpress-theme-ai-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-471-cross-site-scripting-via-name-and-version-header-of-plugin</loc>
<lastmod>2017-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitors-traffic-real-time-statistics-72-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezpz-one-click-backup/ezpz-one-click-backup-120310-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-elite-for-woocommerce/booster-elite-for-woocommerce-712-missing-authorization-to-order-information-disclosure</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-shipping-dpd-baltic/woocommerce-shipping-dpd-baltic-1254-missing-authorization-to-arbitrary-options-deletion</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-carousel-ultimate/post-grid-slider-carousel-ultimate-143-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ci-hub-connector/ci-hub-connector-12106-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-04-21T19:07:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager-pro/file-manager-pro-837-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-08-22T14:04:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moolamojo/moolamojo-0741-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-2114-missing-authorization</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-21110-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azz-anonim-posting/azz-anonim-posting-09-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-search/advanced-woo-search-168-cross-site-scripting</loc>
<lastmod>2019-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/helvig/helvig-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder-pro/profile-builder-pro-3100-cross-site-request-forgery</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-control/wp-user-control-153-insecure-password-reset-mechanism</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-381-unauthenticated-sql-injection</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rps-include-content/rps-include-content-122-missing-authorization</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-filters/woocommerce-product-filters-206-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-bank/gallery-bank-wordpress-photo-gallery-plugin-2020-reflected-cross-site-scripting</loc>
<lastmod>2013-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-214-reflected-cross-site-scripting-via-extension</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dummy-content-generator/wp-dummy-content-generator-230-missing-authorization</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2171-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upload-file-type-settings-plugin/upload-file-type-settings-plugin-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29940-cross-site-request-forgery-via-initbackendajax</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-smart-upsell-funnel/wpc-smart-upsell-funnel-for-woocommerce-304-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plisio-payment-gateway-for-woocommerce/accept-cryptocurrencies-with-plisio-206-missing-authorization</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codistoconnect/omnichannel-for-woocommerce-google-amazon-ebay-walmart-integration-powered-by-codisto-1365-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-03T15:51:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-10111-authenticated-contributor-stored-cross-site-scripting-via-wpbc-shortcode</loc>
<lastmod>2025-05-16T21:35:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svgmagic/svgmagic-11-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xo-event-calendar/xo-event-calendar-236-reflected-cross-site-scripting</loc>
<lastmod>2021-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-file-links/pretty-file-links-09-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-3050-unauthenticated-sql-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uw-freelancer/uw-freelancer-01-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azurecurve-bbcode/azurecurve-bbcode-204-authenticated-contributor-stored-cross-site-scripting-via-url-shortcode</loc>
<lastmod>2025-09-10T18:50:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-761-missing-authorization</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kaya-qr-code-generator/kaya-qr-code-generator-152-authenticated-contributor-stored-cross-site-scripting-via-qrcode-attribute</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-multiple-marker/add-multiple-marker-12-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-11-10T15:17:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/property-hive-stamp-duty-calculator/property-hive-stamp-duty-calculator-1022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/woocommerce-blocker-lite-215-cross-site-request-forgery</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-forms-by-mailmunch/mailchimp-forms-by-mailmunch-317-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-featured-images-from-videos/automatic-featured-images-from-videos-127-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-signature/post-signature-041-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flashcard/flashcard-plugin-for-wordpress-09-authenticated-contributor-arbitrary-file-read-via-path-traversal</loc>
<lastmod>2026-01-06T18:34:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplr-sync/photo-engine-643-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-responsive-photo-gallery-image-viewer-justified-masonry-carousel-2429-insecure-direct-object-reference-to-authenticated-custom-arbitrary-postpage-updates</loc>
<lastmod>2025-03-07T16:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-restrict/restrictions-for-buddypress-152-missing-authorization-to-unauthenticated-tracking-status-update</loc>
<lastmod>2025-11-17T20:52:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-291-unauthenticated-arbitrary-code-execution</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/right-click-disable-or-ban/right-click-disable-or-ban-1117-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/endless-posts-navigation/endless-posts-navigation-227-cross-site-request-forgery</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-404-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-202-205-sensitive-information-disclosure</loc>
<lastmod>2007-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxi-blocks/maxi-blocks-218-missing-authorization-to-authenticated-author-media-file-deletion-via-old_media_src-parameter</loc>
<lastmod>2026-04-23T14:43:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-popular-posts-plugin-324-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-3107-insecure-direct-object-reference-to-sensitive-information-exposure-via-user_meta-shortcode</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wish-list-for-woocommerce/wishlist-for-woocommerce-330-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-450-missing-capabilities-check-to-user-enumeration</loc>
<lastmod>2023-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/wp-jobsearch-233-authentication-bypass</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-redirect-thank-you-page/contact-form-7-redirect-thank-you-page-106-reflected-cross-site-scripting</loc>
<lastmod>2024-11-11T15:08:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1382-reflected-cross-site-scripting-via-title-parameter</loc>
<lastmod>2025-01-30T15:07:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/wp-custom-admin-interface-742-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-3171-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/wordpress-simple-html-sitemap-31-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-24T15:19:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sv100-companion/sv100-companion-2002-unauthenticated-privilege-escalation</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-2945-cross-site-request-forgery</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-reviews/jetreviews-236-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem-elementor/thegem-elementor-5105-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knews/knews-multilingual-newsletters-126-cross-site-request-forgery</loc>
<lastmod>2012-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-353-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sabaisdiscuss/sabai-discuss-1413-reflected-cross-site-scripting</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-67065-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-portfolio/gs-filterable-portfolio-160-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upcasted-s3-offload/upcasted-s3-offload-aws-s3-digital-ocean-spaces-backblaze-minio-and-more-303-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-2410-missing-authorization</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-4222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-5452-unauthenticated-arbitrary-options-deletion</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/varnish-wp/varnish-wordpress-17-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-user-roles/premmerce-user-roles-1012-missing-authorization-via-role-management-functions</loc>
<lastmod>2023-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/softdiscover-db-file-manager/file-manager-code-editor-and-backup-by-managefy-148-authenticated-admin-path-traversal-to-arbitrary-file-download</loc>
<lastmod>2025-08-27T14:40:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-2108-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2026-02-18T16:19:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-263-improper-rest-capabilities-checks</loc>
<lastmod>2018-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-news-magazine/wp-news-119-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copyscape-premium/copyscape-premium-141-cross-site-request-forgery</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/teluro/teluro-1031-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-1372-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-front-end-editor/wp-quick-frontend-editor-55-authenticated-subscriber-content-injection</loc>
<lastmod>2021-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-233-authenticated-contributor-sql-injection</loc>
<lastmod>2024-05-31T19:39:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnisend-connect/email-marketing-for-woocommerce-by-omnisend-1143-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-cookie-banner/real-cookie-banner-2181-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-videos/youtube-gallery-and-vimeo-gallery-plugin-242-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-05T14:39:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-maileremail-log-213-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navz-photo-gallery/acf-photo-gallery-field-26-missing-authorization-in-apgf_update_donation</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-736-reflected-cross-site-scripting</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-cmplz_delete_cookiebanner</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-price-list/stylish-price-list-717-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-code-snippets-extension/mainwp-code-snippets-extension-402-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ziteboard-online-whiteboard/ziteboard-online-whiteboard-299-authenticated-contributor-stored-cross-site-scripting-via-ziteboard-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boo-recipes/boo-recipes-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bighearts/bighearts-3114-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1262-authenticated-admin-php-object-injection</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mj-contact-us/mj-contact-us-523-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-infusionsoft/wp-gravity-forms-keapinfusionsoft-126-open-redirect</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-by-supsystic/membership-by-supsystic-150-authenticated-admin-time-based-blind-sql-injection</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/repairbuddy-repair-shop-crm-booking-plugin-for-wordpress-41132-missing-authorization</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/winterlock/wp-system-log-1021-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-auction/ultimate-auction-432-unauthenticated-information-exposure</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-feed-statistics/feed-statistics-41-cross-site-request-forgery-via-init</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-854-cross-site-request-forgery-to-coupon-deletion</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-3212-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/hotel-booking-228-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trinity-audio/trinity-audio-5202-cross-site-request-forgery</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opengraph/open-graph-1112-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/device-detector/device-detector-420-reflected-cross-site-scripting-via-id</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-221-sql-injection</loc>
<lastmod>2007-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-contact/simplify-contact-management-wp-easy-contact-400-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/responsive-contact-form-builder-lead-generation-plugin-201-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-currency-switcher/currency-switcher-for-wordpress-103-reflected-cross-site-scripting</loc>
<lastmod>2022-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-staff-list/simple-staff-list-223-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-401-724-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-03T16:34:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1281-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-571-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-missing-authorization-in-ajaxcalculateseveralproducts-function</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-giftcards/gift-cards-for-woocommerce-158-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-294-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jnews-frontend-submit/jnews-frontend-submit-1100-reflected-cross-site-scripting</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ngg-smart-image-search/ngg-smart-image-search-343-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evergreen-content-poster/evergreen-content-poster-145-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-664-unauthenticated-sql-injection</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-razorpay/razorpay-for-woocommerce-456-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-addon-for-elementor/events-addon-for-elementor-223-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifepress/lifepress-213-missing-authorization</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-tumblog/wootumblog-214-missing-authorization-to-unauthenticated-content-injection</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mortgage-calculators-wp/mortgage-calculators-wp-156-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-973-authenticated-stored-cross-site-scripting-via-media-url</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/special-feed-items/special-feed-items-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fitness-fse/fitness-fse-106-missing-authorization</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-share-buttons-for-wordpress/easy-social-share-buttons-for-wordpress-341-cross-site-scripting</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-in-posts/google-maps-in-posts-153-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fundraising-donation/wp-fundraising-donation-and-crowdfunding-platform-173-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ttv-easy-embed-player/twitch-player-213-missing-authorization</loc>
<lastmod>2025-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secondary-title/secondary-title-2091-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-slideshow/layer-slider-1197-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-free-elementor-addons-plugin-and-elementor-templates-169-authenticated-contributor-stored-cross-site-scripting-via-rael_title_tag</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-328-missing-authorization</loc>
<lastmod>2016-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/miion/miion-127-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-protect-email-addresses-and-phone-numbers-219-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dynamic-keywords-injector/wp-dynamic-keywords-injector-2315-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-registration-login-member-directory-content-restriction-membership-plugin-268-cross-site-request-forgery</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/redy/redy-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xola-bookings-for-tours-activities/xola-16-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snow-storm/snow-storm-146-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-discussions/social-discussions-611-remote-file-inclusion-and-full-path-disclosure</loc>
<lastmod>2012-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-6911-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10272-authenticated-contributor-stored-cross-site-scripting-via-colibri-gallery-slideshow-shortcode</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-based-login/ip-based-login-240-cross-site-request-forgery-to-log-deletion</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404like/404like-10-sql-injection</loc>
<lastmod>2012-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-notes/user-notes-101-cross-site-scripting</loc>
<lastmod>2021-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/jettabs-2291-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-printxtore/printxtore-177-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-ssl/really-simple-security-simple-and-performant-security-formerly-really-simple-ssl-959-missing-authorization</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms/nex-forms-787-authentication-bypass-for-pdf-reports</loc>
<lastmod>2021-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-templates/email-templates-13-html-injection</loc>
<lastmod>2019-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta/user-meta-312-reflected-cross-site-scripting</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-824-cross-site-request-forgery-to-bulk-deletion</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porto-functionality/porto-theme-functionality-309-authenticated-contributor-local-file-inclusion-via-post-meta</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safe-svg/safe-svg-225-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livejournal-shortcode/livejournal-shortcode-111-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suggestion-toolkit/suggestion-toolkit-50-missing-authorization</loc>
<lastmod>2026-01-10T14:52:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-with-chatwork/contact-form-7-with-chatwork-110-authenticated-administrator-stored-cross-site-scripting-via-api_token-and-roomid-settings</loc>
<lastmod>2025-12-11T15:11:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csprite/csprite-11-cross-site-request-forgery</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-classified-ads-business-directory-plugin-304-missing-authorization</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-campaigns/zoho-campaigns-208-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-wp-url/change-wp-url-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-27T21:48:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-connector/wp-forms-connector-18-missing-authorization-to-unauthenticated-information-exposure-via-userlist-rest-endpoint</loc>
<lastmod>2026-06-23T16:39:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-sendinblue-newsletter-subscription/sendinblue-for-woocommerce-4049-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2312-unauthenticated-information-exposure</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-135-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-folder/wp-media-folder-572-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/offload-videos-bunny-netaws-s3/offload-videos-bunnynet-aws-s3-100-cross-site-request-forgery</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-411-reflected-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-cognito/login-with-cognito-148-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cue/cue-244-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-stars-count-for-woocommerce/review-stars-count-for-woocommerce-20-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-26514-authenticated-subscriber-php-object-injection</loc>
<lastmod>2022-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-frases/vr-frases-collect-share-quotes-301-reflected-cross-site-scripting</loc>
<lastmod>2025-01-29T21:20:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1024-blind-sql-injection</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zendesk-help-center/help-center-by-bestwebsoft-104-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2287-2290-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-09-10T14:51:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects/simple-301-redirects-200-203-unauthenticated-redirect-import</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-4141-missing-authorization</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-gallery/ultimate-video-gallery-14-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-slider-and-carousel-with-lightbox/meta-slider-and-carousel-with-lightbox-162-cross-site-request-forgery</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-seo-author-snippets/google-seo-pressor-snippet-20-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-64-missing-authorization-to-arbitrary-plugin-activationdeactivation</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-openpos/woocommerce-openpos-701-missing-authorization-to-information-exposure</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-3301-missing-authorization-to-authenticated-subscriber-api-secret-key-disclosure-and-privilege-escalation-via-wlm3_get_screen-ajax-action</loc>
<lastmod>2026-05-22T16:21:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1566-zip-extraction-to-arbitrary-file-upload-in-file-manager</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-thumbnail-slider/thumbnail-carousel-slider-104-authenticated-admin-sql-injection</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-duplicate-posts/delete-duplicate-posts-489-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-491-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-app-online/build-app-online-1022-account-takeover-via-weak-password-reset-mechanism</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-insert/wp-insert-250-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-local-avatars/http-cache-semantics-411-regular-expression-denial-of-service-redos</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-related-posts/my-related-posts-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-menu-manager-wpzest/easy-menu-manager-wpzest-101-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-17T15:42:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-custom-website-data/custom-website-data-11-cross-site-scripting</loc>
<lastmod>2013-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-and-video-conference-with-jitsi-meet/webinar-and-video-conference-with-jitsi-meet-263-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-metaboxes/ip-metaboxes-211-reflected-cross-site-scripting</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-list-table-example/custom-list-table-example-141-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popup-builder/wp-popup-builder-129-missing-authorization-and-cross-site-request-forgery</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zoxpress/zoxpress-the-all-in-one-wordpress-news-theme-2120-missing-authorization-to-authenticated-subscriber-arbitrary-options-deletion</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-slider-gallery-form-modal-data-table-tab-particle-free-elementor-widgets-elementor-templates-353-authenticated-contributor-dom-based-cross-site-scripting</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-views/post-views-2612-cross-site-scripting</loc>
<lastmod>2012-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-captcha/contact-form-with-captcha-168-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-memberships/crm-memberships-25-missing-authorization-to-unauthenticated-ntzcrm_add_new_tag-ajax-action</loc>
<lastmod>2025-12-04T16:26:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-155-cross-site-scripting</loc>
<lastmod>2017-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tenweb-speed-optimizer/10web-booster-website-speed-optimization-cache-page-speed-optimizer-2834-missing-authorization-to-plugin-deactivation</loc>
<lastmod>2022-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusedwooPRO/infusedwoo-pro-512-unauthenticated-missing-authorization-to-arbitrary-post-deletion-via-multiple-parameters</loc>
<lastmod>2026-05-13T19:50:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-whois-search/whois-1422-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-531-reflected-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hostiko/hostiko-hosting-wordpress-whmcs-theme-301-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15102-reflected-cross-site-scripting</loc>
<lastmod>2024-05-09T18:51:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-customer/full-cliente-3122-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-simple-pack/seo-simple-pack-321-information-exposure</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1372-captcha-bypass</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-909-authenticated-administrator-sql-injection</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/togo/togo-104-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artiss-currency-converter/open-currency-converter-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wsm-downloader/wsm-downloader-140-domain-bypass</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-contact-form-payment-form-quiz-survey-custom-form-builder-with-ai-348-reflected-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-for-wp/related-posts-for-wordpress-204-stored-cross-site-scripting</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fevents-book/wp-fevents-book-046-authenticated-subscriber-insecure-direct-object-reference-to-booking-manipulation</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-2437-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailmunch/mailmunch-grow-your-email-list-312-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-amazon-ses/vulnerability-smtp-for-amazon-ses-18-unauthenticated-stored-cross-site-scripting-via-email-logs</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-ad-manager-adsense-1521-authenticated-admin-php-object-injection</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-analytics/wp-search-analytics-147-reflected-cross-site-scripting-via-render_stats_page</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/predict-when/predict-when-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookies-and-content-security-policy/cookies-and-content-security-policy-234-unauthenticated-information-exposure</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copyprotect/wp-copyprotect-protect-your-blog-posts-310-cross-site-request-forgery-via-copyprotect_options_page</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prevent-direct-access/prevent-direct-access-protect-wordpress-files-288-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soj-soundslides/soj-soundslides-122-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-03-28T18:36:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-name-your-price/wpc-name-your-price-for-woocommerce-219-unauthenticated-price-alteration</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewstap/reviewstap-112-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analyticswp/analyticswp-200-unauthenticated-sql-injection</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-6076-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-real-time-search-scrolling/twitter-real-time-search-scrolling-70-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrestaurants/vikrestaurants-table-reservations-and-take-away-133-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmarker-1066-unauthenticated-sql-injection</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neighborly/neighborly-14-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-09-12T21:29:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-law-bar/cookie-law-bar-121-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personalize-woocommerce-cart-page/gohero-store-customizer-for-woocommerce-35-missing-authorization-to-unuthenticated-settings-update</loc>
<lastmod>2025-01-24T18:42:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1112-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-135-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-228-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon-list-block/icon-list-block-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-6241-cross-site-request-forgery-via-delete-in-mooauth_client_applist_page</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversiosio-all-in-one-google-analytics-pixels-and-product-feed-manager-for-woocommerce-710-reflected-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-author-box/simple-author-box-250-cross-site-request-forgery-via-save_user_profile</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-275-reflected-cross-site-scripting-via-job-search</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29951-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheet-to-wp-table-for-google-sheet/sheet-to-table-live-sync-for-google-sheet-101-authenticated-contributor-stored-cross-site-scripting-via-stwt_sheet_table-shortcode</loc>
<lastmod>2024-08-13T21:05:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-611-reflected-cross-site-scripting</loc>
<lastmod>2020-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-user-access/restrict-user-access-ultimate-membership-content-protection-25-information-exposure</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/miniorange-social-login-and-register-discord-google-twitter-linkedin-pro-addon-20039-authentication-bypass</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-notify-lite/popup-builder-1137-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-reset</loc>
<lastmod>2025-12-12T16:05:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-20240216-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mercadolibre-integration/mercadolibre-integration-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mr-murphy/mr-murphy-custom-dress-tailoring-clothing-wordpress-theme-12121-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-envato-portfolio/gs-portfolio-for-envato-138-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/customer-reviews-309-cross-site-scripting</loc>
<lastmod>2016-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mihdan-no-external-links/no-external-links-5162-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hitsteps-visitor-manager/hitsteps-web-analytics-586-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pro-mime-types/pro-mime-types-manage-file-media-types-107-cross-site-request-forgery-via-pmt_settings_section_callback_tab_1</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7612-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/footer-flyout-widget/footer-flyout-widget-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-plugin/newspack-386-missing-authorization</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-294-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WP_AttractiveDonationsSystem/attractive-donations-system-easy-stripe-paypal-donations-125-cross-site-request-forgery</loc>
<lastmod>2025-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visucom-smart-sections/smart-sections-theme-builder-wpbakery-page-builder-addon-178-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-749-authenticated-contributor-stored-cross-site-scripting-via-su_box-shortcode</loc>
<lastmod>2026-04-15T14:02:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-1480-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/actionwear-products-sync/actionwear-products-sync-233-missing-authorization</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-290-cross-site-request-forgery-via-unpublishheader</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-support/svg-support-258-stored-cross-site-scripting-via-vulnerability-dependency</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01022-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/revslider-6620-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-chart-block/sb-chart-block-126-authenticated-contributor-stored-cross-site-scripting-via-classname-parameter</loc>
<lastmod>2025-04-18T20:33:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/askka/askka-candle-shop-wordpress-theme-131-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-217-missing-authorization-to-authenticated-subscriber-assistant-deletion</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandmagazine/grand-magazine-355-cross-site-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-tooltips/wordpress-tooltips-825-multiple-cross-site-request-forgery</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-pdf-attachment/custom-post-type-attachment-345-authenticated-contributor-stored-cross-site-scripting-via-pdf_attachment-shortcode</loc>
<lastmod>2024-05-15T18:50:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-913-cross-site-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ui/shortcodes-ui-198-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-1039-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homey-core/homey-core-243-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/split-test-for-elementor/split-test-for-elementor-184-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-2128-authenticated-contributor-user-meta-disclosure</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-webfonts-local/omgf-4511-authenticated-admin-arbitrary-folder-deletion-via-path-traversal</loc>
<lastmod>2021-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/wp-booking-calendar-1064-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avcp/anac-xml-bandi-di-gara-77-reflected-cross-site-scripting</loc>
<lastmod>2025-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/writesonic/writesonic-105-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/address-autocomplete-using-google-place-api/address-autocomplete-using-google-place-api-100-cross-site-request-forgery</loc>
<lastmod>2022-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scriptcase/wp-scriptcase-200-authenticated-contributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2025-09-10T18:51:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-pro/rss-feed-pro-118-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kk-blog-card/kk-blog-card-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-08T15:07:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-static-cache/super-static-cache-335-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/scarlet/scarlet-all-versions-cross-site-scripting</loc>
<lastmod>2013-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-any-api/contact-form-to-any-api-303-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5981-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-custom-fields/just-custom-fields-332-missing-authorization-on-ajax-actions</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3815-reflected-self-based-cross-site-scripting-via-referer</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automate-hub-free-by-sperse-io/automate-hub-free-by-sperseio-170-cross-site-request-forgery-to-activation-status-update</loc>
<lastmod>2025-01-23T18:42:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-user-enumeration/stop-user-enumeration-137-cross-site-scripting</loc>
<lastmod>2017-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-20220115-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-02-16T09:16:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-1683-reflected-cross-site-scripting</loc>
<lastmod>2025-03-06T20:14:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-manager/job-manager-0725-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-4274-arbitrary-file-upload</loc>
<lastmod>2014-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guest-support/guest-support-complete-customer-support-ticket-system-for-wordpress-122-missing-authorization-to-unauthenticated-ticket-deletion</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-371-authenticated-contributor-stored-cross-site-scripting-via-video-shortcode</loc>
<lastmod>2024-07-23T18:08:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-control/content-control-119-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-cat/quiz-cat-308-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-for-the-events-calendar/cool-plugins-various-versions-arbitrary-plugin-installation-and-activation</loc>
<lastmod>2022-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-background/ap-background-382-cross-site-request-forgery</loc>
<lastmod>2025-10-02T21:28:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zd-youtube-flv-player/zd-youtube-flv-player-126-server-side-request-forgery</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-portfolio/phlox-portfolio-231-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-realestate/wp-realestate-1626-unauthenticated-privilege-escalation-via-process_register</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search/better-search-223-sql-injection</loc>
<lastmod>2019-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/novo-map/novo-map-your-wp-posts-on-custom-google-maps-112-cross-site-request-forgery</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/typing-text/typing-text-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-instagram-feed/ultimate-instagram-feed-wordpress-plugin-13-reflected-cross-site-scripting</loc>
<lastmod>2017-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheets-to-wp-table-live-sync/sheets-to-wp-table-live-sync-21215-cross-site-request-forgery</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team/team-showcase-12223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-elementor-contact-form-db/elementor-contact-form-db-15-sensitive-information-disclosure</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-publications/wp-publications-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-183-cross-site-request-forgery</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-from-email/change-from-email-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-for-billingo-gravity-forms/multiple-plugins-from-viszt-peter-cross-site-request-forgery</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-253-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder/ultimate-addons-for-beaver-builder-1243-cross-site-scripting</loc>
<lastmod>2020-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tweaker5/tweaker5-12-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-09-12T21:30:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6426-reflected-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-chat/wise-chat-333-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-308-cross-site-request-forgery</loc>
<lastmod>2014-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy-pro/academy-lms-pro-338-unauthenticated-sensitive-information-exposure-via-enqueue_social_login_script</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-22721-cross-site-request-forgery-to-multiple-administrative-actions</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-prices/wholesale-suite-215-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iq-quotation-page/instant-quoteco-quotation-page-134-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:26:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-app-banner/smart-app-banner-112-cross-site-request-forgery-via-wsl_smart_app_banner_options</loc>
<lastmod>2023-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workreap/workreap-themes-plugin-336-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-163-directory-listing-to-information-disclosure</loc>
<lastmod>2015-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-like-dislike/comments-like-dislike-112-add-likedislike-bypass</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vaultpress/vaultpress-19-remote-code-execution</loc>
<lastmod>2017-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ppv-live-webcams/paid-videochat-turnkey-site-html5-ppv-live-webcams-7320-authenticated-author-privilege-escalation</loc>
<lastmod>2026-03-06T16:42:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ar-for-wordpress/ar-for-wordpress-77-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41016-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-youtube-videos/responsive-videos-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-03T14:19:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mytweetlinks/mytweetlinks-111-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-manager-for-elementor/page-manager-for-elementor-205-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-polish-map/interactive-polish-map-12-authenticated-admi-stored-cross-site-scripting</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gerencianet-official/gerencianet-oficial-313-unauthenticated-information-exposure</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-4791-missing-authorization-to-unauthenticated-content-spoofing</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/distance-rate-shipping-for-woocommerce/distance-rate-shipping-for-woocommerce-134-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-51101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-cvr-payment-gateway/woocommerce-cvr-payment-gateway-610-missing-authorization-to-authenticated-contributor-cvr-update</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedburner-optin-form/feedburner-optin-form-028-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onepagewebsite/onepagewebsite-unknown-versions-full-path-disclosure</loc>
<lastmod>2012-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qwiz-online-quizzes-and-flashcards/qwiz-online-quizzes-and-flashcards-337-reflected-cross-site-scripting</loc>
<lastmod>2019-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-152-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-12-03T21:28:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-63-cross-site-request-forgery-via-aaldeletelink-function</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/we-blocks/we-blocks-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embed-thumbnail-generator/videopack-formerly-video-embed-thumbnail-generator-11-full-path-disclosure</loc>
<lastmod>2012-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-memberships-groups-and-communities-286-remote-code-execution</loc>
<lastmod>2018-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kumihimo/kumihimo-102-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suredash/suredash-110-authenticated-subscriber-information-disclosure</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-176-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go-social/go-social-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-compare-products/compare-products-for-woocommerce-321-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:03:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-magic/local-magic-260-missing-authorization</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surbma-minicrm-shortcode/surbma-minicrm-shortcode-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:21:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-860-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-cards-meta/twitter-cards-meta-245-cross-site-request-forgery</loc>
<lastmod>2017-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-portfolio/portfolio-gallery-148-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aviation-weather-from-noaa/aviation-weather-from-noaa-072-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-ultimate-template-builder-for-elementor-218-authenticated-contributor-stored-cross-site-scripting-via-events-card-widget</loc>
<lastmod>2024-09-06T01:19:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-rebuilder/login-rebuilder-120-cross-site-request-forgery</loc>
<lastmod>2014-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-timeline/post-timeline-225-reflected-cross-site-scripting</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bus-ticket-booking-with-seat-reservation/bus-ticket-booking-with-seat-reservation-543-cross-site-request-forgery</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-362-missing-authorization</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srs-simple-hits-counter/srs-simple-hits-counter-110-cross-site-request-forgery</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-182-cross-site-request-forgery-via-futurio_extra_reset_mod</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-quantity-dropdown-for-woocommerce/product-quantity-dropdown-for-woocommerce-12-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-466-unauthenticated-arbitrary-file-download</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go_pricing/go-pricing-wordpress-responsive-pricing-tables-3319-authenticated-subscriber-php-object-injection</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/samex/samex-clean-minimal-shop-woocommerce-wordpress-theme-26-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-social-sharing-icons-121-unspecified-vulnerabilities</loc>
<lastmod>2015-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendar-wd/event-calendar-1150-reflected-cross-site-scripting</loc>
<lastmod>2021-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-ad-manager/easy-ad-manager-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wizors-investments/wizors-212-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pegapoll/pegapoll-102-unauthenticated-arbitrary-options-update</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-elementor/essential-addons-for-elementor-pro-best-elementor-templates-widgets-kits-woocommerce-builders-5814-authenticated-contributor-stored-cross-site-scripting-via-team-member-carousel-widget</loc>
<lastmod>2024-05-28T19:01:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-calendar-for-elementor/simple-calendar-for-elementor-165-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonway-static-block-editor/bonway-static-block-editor-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/occasions/occasions-11-cross-site-request-forgery</loc>
<lastmod>2013-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adiaha-hotel/flights-hotels-booking-wp-plugin-31-missing-authorization</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-mpg-347-authenticated-contributor-sql-injection</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandtour/grand-tour-562-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookie-allow/weepie-cookie-allow-3411-unauthenticated-sql-injection-via-consent-parameter</loc>
<lastmod>2026-05-04T17:38:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/encyclopedia-lexicon-glossary-wiki-dictionary/encyclopedia-glossary-wiki-1760-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-855-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-310-authenticated-admin-stored-cross-site-scripting-via-critical-css-settings</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-094-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moveme/moveme-1215-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-global-search/buddypress-global-search-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-330-reflected-cross-site-scripting</loc>
<lastmod>2017-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adicons/adicon-server-12-authenticated-admin-sql-injection</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fileorganizer/fileorganizer-109-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-29T02:34:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-facebook/wdsocialwidgets-1011-cross-site-scripting</loc>
<lastmod>2015-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-get-more-website-traffic-email-subscribers-and-social-followers-11213-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kunze-law/kunze-law-21-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-01-13T16:42:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta-manager/user-meta-manager-347-authenticated-blind-sql-injection</loc>
<lastmod>2015-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-summary/blog-summary-012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brzon/associados-amazon-plugin-08-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:31:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reuse-builder/reuse-builder-17-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-03T16:02:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-members-only/bbpress-members-only-121-cross-site-request-forgery</loc>
<lastmod>2019-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-eventbrite-events/import-eventbrite-events-174-reflected-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dh-anti-adblocker/dh-anti-adblocker-36-cross-site-request-forgery</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-my-account-for-woocommerce/customize-my-account-for-woocommerce-183-cross-site-request-forgery-via-restore_my_account_tabs</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-wc-google/bulk-product-sync-86-unauthenticated-sql-injection</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishsuite/wishsuite-144-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/billingo/official-integration-for-billingo-425-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-users/wp-email-users-176-sql-injection</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-442-directory-traversal-via-_file_upload</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-124-cross-site-request-forgery-to-plugin-language-translation-reset</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brands-for-woocommerce/brands-for-woocommerce-3822-missing-authorization-to-unauthenticated-order-manipulation-and-information-retrieval</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard-for-wp/exactmetrics-810-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-meta-box/wp-multiple-meta-box-100-sql-injection</loc>
<lastmod>2016-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-209-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-71110-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft3/formcraft-3911-missing-authorization-to-plugin-data-export-in-formcraft-mainphp</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/immopress/immopress-004-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/business-one-page/business-one-page-129-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-1584-authenticated-subscriber-csv-injection</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-countdown/widget-countdown-271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/staging-cdn/staging-cdn-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg_universal_video_player_addon_visual_composer/universal-video-player-addon-for-wpbakery-page-builder-321-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesmanago/salesmanago-390-missing-authorization</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-443-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-featured-content-slider/wp-featured-content-slider-26-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-913-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2015-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publitio/publitio-223-authenticated-contributor-information-exposure</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-603-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-title-checker/duplicate-title-checker-12-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/wallet-for-woocommerce-154-authenticated-subscriber-sql-injection-via-searchvalue</loc>
<lastmod>2024-07-11T19:55:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-475-mishandling-post-meta-values-via-xml-rpc</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-wordpress-cloud-backup-migration-restore-cloning-plugin-238-missing-authorization-to-unauthenticated-backup-failure</loc>
<lastmod>2025-12-02T15:27:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/si-captcha-for-wordpress/si-captcha-anti-spam-276-reflected-cross-site-scripting</loc>
<lastmod>2014-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-617-missing-authorization-to-authenticated-subscriber-arbitrary-form-creation-via-ai-builder</loc>
<lastmod>2026-01-06T20:40:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-vcard-generator/contact-form-vcard-generator-24-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wemail/wemail-1142-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-1256-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lingotek-translation/ray-enterprise-translation-171-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-altcoin-payment-gateway/bitcoin-altcoin-payment-gateway-for-woocommerce-176-unauthenticated-sql-injection</loc>
<lastmod>2025-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinmonster/popup-builder-by-optinmonster-wordpress-popups-for-optins-email-newsletters-and-lead-generation-2153-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-orphanage-extended/wp-orphanage-extended-12-cross-site-request-forgery-to-orphan-account-privilege-escalation</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ownerrez/ownerrez-120-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-355-unauthenticated-dom-based-reflected-cross-site-scripting</loc>
<lastmod>2022-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2leads/wp2leads-327-missing-authorization</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-stats/seriously-simple-stats-160-reflected-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171001-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-multilingual-cms-4612-authenticated-contributor-remote-code-execution-via-twig-server-side-template-injection</loc>
<lastmod>2024-08-21T08:00:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-plugin-190-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2008-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pay-with-tweet/pay-with-tweet-11-cross-site-scripting</loc>
<lastmod>2012-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-512-unauthenticated-settings-update-to-remote-code-execution</loc>
<lastmod>2019-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-190-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt18-extensions/rt-theme-18-extensions-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2662-missing-authorization-checks-to-private-pagepost-data-disclosure</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1015-authenticated-contributor-stored-cross-site-scripting-via-animated-box-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/wordpress-contact-forms-by-cimatti-157-cross-site-request-forgery-via-_accua_forms_form_edit_action</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scheduled-posts/schedulepress-513-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-15T16:16:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator-le/store-locator-plus-4511-cross-site-scripting</loc>
<lastmod>2016-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moloni/moloni-474-reflected-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-5439-cross-site-scripting</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-compression/jpg-png-compression-and-optimization-1735-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-355-unauthenticated-full-path-dislcosure</loc>
<lastmod>2024-08-08T20:37:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nrgfashion/the-fashion-model-agency-one-page-beauty-theme-144-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iksweb/-37-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magicpost/magicpost-121-authenticated-contributor-stored-cross-site-scripting-via-wb_share_social-shortcode</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliderpro/slider-pro-486-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apa-register-newsletter-form/apa-register-newsletter-form-100-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-urls/simple-urls-118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-message/stock-message-110-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-multi-criteria-rating-reviews-for-woocommerce-1627-missing-authorization</loc>
<lastmod>2024-05-16T07:36:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wow-moodboard-lite/wow-moodboard-lite-1111-open-redirect</loc>
<lastmod>2015-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobboardwp/jobboardwp-121-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formlift/formlift-for-infusionsoft-web-forms-7520-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-366-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wlm-api/better-wishlist-api-114-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-woo-custom-product-variation/opal-woo-custom-product-variation-120-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-facebook-plugin/simple-like-page-plugin-151-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventin-pro/wordpress-event-manager-event-calendar-and-booking-plugin-4024-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multilang-contact-form/multilang-contact-form-15-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/annonces/annonces-1201-arbitrary-file-upload</loc>
<lastmod>2012-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/widgetkit-254-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apptivo-business-site/apptivo-business-site-crm-53-cross-site-request-forgery-to-ip-address-block</loc>
<lastmod>2025-02-18T19:30:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compfight/compfight-15-reflected-cross-site-scripting</loc>
<lastmod>2014-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-compare/yith-woocommerce-compare-2370-cross-site-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otm-accessibly/accessibly-303-missing-authorization-to-unauthenticated-stored-cross-site-scripting-via-widget-source-injection-via-rest-api</loc>
<lastmod>2026-04-14T19:47:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-addon-uploads/file-uploads-addon-for-woocommerce-173-missing-authorization</loc>
<lastmod>2026-01-10T07:10:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-woocommerce-frontend-manager-6725-insecure-direct-object-references-to-autenticated-vendor-arbitrary-postproduct-manipulation</loc>
<lastmod>2026-04-03T19:36:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forum/wp-forum-23-multiple-sql-injections</loc>
<lastmod>2009-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recently/recently-304-arbitrary-file-upload-to-remote-code-exectution</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-14109-missing-authorization</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-881-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coblocks/page-builder-gutenberg-blocks-coblocks-3116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/maps-486-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocks-post-grid/blocks-post-grid-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wph-recipes-manager/recipes-manager-wph-104-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resideo-plugin/resideo-plugin-for-resideo-real-estate-wordpress-theme-254-authenticated-subscriber-insecure-direct-object-reference-to-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-09-09T17:42:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-syndication-toolkit/content-syndication-toolkit-13-unauthenticated-server-side-request-forgery-via-url-parameter</loc>
<lastmod>2026-03-20T15:09:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-265-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-126-missing-authorization</loc>
<lastmod>2024-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-267-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-841-reflected-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-child-list/sb-child-list-45-cross-site-request-forgery-via-sb_cl_update_settings</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3274-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-press-pro/music-press-pro-146-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-lite-version-2835-authenticated-contributor-stored-cross-site-scripting-via-type-parameter</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/user-extra-fields-170-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child/mainwp-child-345-authentication-bypass</loc>
<lastmod>2018-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-popup-box/modal-popup-box-161-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-triggered-animations/animator-3010-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shipment-tracker-for-woocommerce/shipment-tracker-for-woocommerce-1532-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acymailing/acymailing-1082-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-acymailing_router</loc>
<lastmod>2026-05-19T18:19:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/offset-writing/offset-writing-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sweet-dessert/sweet-dessert-1113-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-sms-order-notification-otp-verification/miniorange-otp-verification-and-sms-notification-for-woocommerce-438-missing-authorization-to-unauthenticated-notification-settings-modification</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kargo-takip-turkiye/kargo-takip-024-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webarx/webarx-130-stored-cross-site-scripting</loc>
<lastmod>2018-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-extended/advanced-custom-fields-extended-0923-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-05-12T09:54:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-wp-reset/advanced-wordpress-reset-15-reflected-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybooktable/mybooktable-bookstore-322-reflected-cross-site-scripting</loc>
<lastmod>2019-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twb-woocommerce-reviews/twb-woocommerce-reviews-175-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ag-custom-admin/custom-dashboard-login-page-695-admin-stored-cross-site-scripting</loc>
<lastmod>2021-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2119-authenticated-author-arbitrary-file-upload-via-svg-upload-bypass</loc>
<lastmod>2025-11-10T22:26:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/game-users-share-buttons/game-users-share-buttons-130-authenticated-subscriber-arbitrary-file-deletion-via-themenameid-parameter</loc>
<lastmod>2025-06-27T17:19:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-293-security-bypass</loc>
<lastmod>2014-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwjob/inwave-jobs-358-missing-authorization</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3891-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-tabs/responsive-tabs-with-woocommerce-product-tab-extension-354-unauthenticated-arbitrary-option-update</loc>
<lastmod>2021-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-322-missing-authorization-to-unauthenticated-arbitrary-user-approval-denial-and-information-disclosure</loc>
<lastmod>2026-01-27T17:49:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saaspricing/saaspricing-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/wordpress-contact-forms-by-cimatti-192-cross-site-request-forgery-via-process_bulk_action-function</loc>
<lastmod>2024-11-26T22:58:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-cover/buddypress-cover-2142-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xm-backup/xm-backup-091-cross-site-request-forgery</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-folio/simple-folio-110-cross-site-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/loan-repayment-calculator-and-application-form-293-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-21-cross-site-request-forgery-to-denial-of-service</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-account-page-editor/my-account-page-editor-131-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-284-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-483-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2019-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-323-unauthenticated-bypass-vulnerability</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooshark-aliexpress-importer/sharkdropship-for-aliexpress-dropship-and-affiliate-224-missing-authorization</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-plugin-1531-sql-injection</loc>
<lastmod>2019-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-views-count/page-view-counts-248-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-973-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stepbyteservice-openstreetmap/openstreetmap-for-gutenberg-and-wpbakery-page-builder-formerly-visual-composer-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravityforms-2901-2913-unauthenticated-stored-cross-site-scripting-via-style_settings-parameter</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1828-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sight/sight-professional-image-gallery-and-portfolio-112-missing-authorization-to-sensitive-information-exposure-in-handler_post_title</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixfort-core/pixfort-core-3222-reflected-cross-site-scripting</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/matomo/matomo-analytics-510-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/static-block/static-block-22-insecure-direct-object-reference-to-authenticated-contributor-sensitive-information-disclosure-via-shortcode-id-attribute</loc>
<lastmod>2026-06-15T16:26:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lgpd-framework/lgpd-framework-202-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/parallelus-intersect/parallelus-unite-interscet-traject-salutation-20-reflected-cross-site-scripting</loc>
<lastmod>2012-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-junkie-shortcodes/tj-shortcodes-013-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-540-authenticated-contributor-stored-cross-site-scripting-via-slider-and-post-carousel-widgets</loc>
<lastmod>2025-05-26T12:53:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-product-fields-for-woocommerce/advanced-product-fields-product-addons-for-woocommerce-1617-cross-site-request-forgery-to-product-field-group-duplication-and-publication</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41031-authenticated-contributor-stored-cross-site-scripting-via-menu-and-shape-divider</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1255-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/machform-shortcode/machform-shortcode-141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-addpub/wp-addpub-128-authenticated-contributor-sql-injection</loc>
<lastmod>2025-06-05T17:50:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-6420-missing-authorization-to-unauthenticated-arbitrary-listing-modification</loc>
<lastmod>2026-02-17T20:07:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-showcase-ultimate/logo-showcase-ultimate-144-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-1024-authenticated-contributor-sql-injection</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-shipping-method-for-woocommerce/hide-shipping-method-for-woocommerce-151-missing-authorization</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-10303-cross-site-request-forgery</loc>
<lastmod>2025-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-jwt-login/simple-jwt-login-320-cross-site-request-forgery</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint/3dprint-3569-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2022-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-protector/image-protector-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-connect/social-connect-0101-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-user-enumeration/stop-user-enumeration-124-security-bypass</loc>
<lastmod>2014-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facebook-reviews/wp-review-slider-110-sql-injection</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onleash/onleash-152-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-donation-plugin-1650-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-profile/wp-front-end-profile-021-privilege-escalation</loc>
<lastmod>2016-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-builder/mobile-builder-142-authentication-bypass</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/ultimate-review-237-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-audio-player/html5-audio-player-212-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mymedi/mymedi-177-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5970-unauthenticated-stored-cross-site-scripting-via-mediahref-parameter</loc>
<lastmod>2026-02-12T00:17:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defa-online-image-protector/defa-online-image-protector-free-edition-34-reflected-cross-site-scripting</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-yandex-maps-field/acf-yandex-maps-field-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpo-shortcodes/cpo-shortcodes-150-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymc-smart-filter/filter-grids-320-unauthenticated-sql-injection</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-import-export-woocommerce/wordpress-comments-import-export-243-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-06-02T10:16:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tenweb-speed-optimizer/10web-booster-2327-authenticated-subscriber-arbitrary-folder-deletion-via-two_clear_page_cache</loc>
<lastmod>2025-12-05T18:28:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advanced-sales-report-email/sales-report-email-for-woocommerce-280-missing-authorization-for-email-functionality</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-406-missing-authorization-via-save</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-views/vr-views-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribe/email-subscription-popup-1222-authenticated-contributor-stored-cross-site-scripting-via-print_email_subscribe_form-shortcode</loc>
<lastmod>2024-11-18T21:46:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ecommerce-zone/ecommerce-zone-097-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-better-permalinks/wp-better-permalinks-305-cross-site-request-forgery</loc>
<lastmod>2019-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mpl-publisher/mpl-publisher-1302-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-15T19:23:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-262-missing-authorization-to-unauthenticated-limited-options-update</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweet-wheel/tweet-wheel-1033-reflected-cross-site-scripting</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-show-post-pro/multiple-shapedplugin-plugins-various-versions-backdoored-software</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchwp-live-ajax-search/searchwp-live-ajax-search-161-sensitive-information-disclosure</loc>
<lastmod>2022-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediabay/mediabay-wordpress-media-library-folders-14-reflected-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-live-cricket-lite/ultimate-live-cricket-wordpress-lite-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-401-724-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-04-03T15:44:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-widget/wp-social-widget-231-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-681-unauthenticated-sql-injection</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-forms/super-forms-drag-drop-form-builder-wordpress-603-reflected-cross-site-scripting</loc>
<lastmod>2022-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-74-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons-pro/happy-addons-for-elementor-2230-pro-version-1170-stored-cross-site-scripting</loc>
<lastmod>2021-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-links/affiliate-links-lite-310-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-from-yml/import-from-yml-3117-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-forms-2019-authenticated-sql-injection</loc>
<lastmod>2015-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpify-woo/wpify-woo-withdrawal-crnvat-qr-payments-heureka-and-more-for-woocommerce-541-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2026-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buymeacoffee/buy-me-a-coffee-button-and-widget-plugin-36-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsecure/bsecure-137-179-missing-authorization-to-unauthenticated-privilege-escalation-via-order_info-rest-endpoint</loc>
<lastmod>2025-07-21T20:53:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-and-social-locker-arsocial/social-share-and-social-locker-arsocial-141-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-cookies-policy/easy-cookies-policy-162-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-elementor/essential-addons-for-elementor-pro-548-reflected-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-date-countdown/peters-date-countdown-200-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-02-04T20:34:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-management/mojoomla-hospital-management-system-for-wordpress-theme-22-05-2018-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-descriptions/fv-descriptions-14-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posttabs/posttabs-2106-cross-site-request-forgery</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googledrive-folder-list/googledrive-folder-list-222-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-1235-sql-injection</loc>
<lastmod>2020-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nika/nika-1214-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2100-unauthenticated-stored-cross-site-scripting-via-single-product-field-inside-repeater</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-seo-extension/mainwp-wordpress-seo-extension-401-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arena-liveblog-and-chat-tool/arenaim-live-blogging-for-real-time-events-041-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-12-11T15:30:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/wptravelly-217-missing-authorization</loc>
<lastmod>2026-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha/captcha-430-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-309-sql-injection</loc>
<lastmod>2018-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pojo-accessibility/ally-web-accessibility-usability-380-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2025-10-15T14:08:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-login-lite-for-woocommerce/social-login-lite-for-woocommerce-160-authentication-bypass</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/talkjs/talkjs-0115-authenticated-administrator-stored-cross-site-scripting-via-welcomemessage-parameter</loc>
<lastmod>2026-02-18T15:58:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-370-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendit/sendit-wp-newsletter-251-authenticated-admin-sql-injection</loc>
<lastmod>2021-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-right-now/real-estate-property-2024-create-your-own-fields-and-search-bar-wp-plugin-448-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-250-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fbpromotions/bugs-go-viral-facebook-promotion-generator-134-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/select-core/select-core-26-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-comments/subscribe-to-comments-212-local-file-includion</loc>
<lastmod>2015-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-amazon-ses/smtp-for-amazon-ses-19-authenticated-administrator-sql-injection</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-site-protector/wp-site-protector-20-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-561-authenticated-contributor-stored-cross-site-scripting-via-custom_attributes</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-staging-extension/mainwp-staging-extension-403-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-517-authenticated-subscriber-csv-injection</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-widget/category-widget-202-reflected-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-in/stock-in-out-104-sql-injection</loc>
<lastmod>2021-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voting-record/voting-record-20-cross-site-request-forgery-to-settings-update-and-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-return-product/wc-return-products-15-reflected-cross-site-scripting</loc>
<lastmod>2025-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canvas/canvas-252-authenticated-contributor-stored-cross-site-scripting-via-tag-block-attribute</loc>
<lastmod>2026-06-12T19:04:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-1066-reflected-cross-site-scripting</loc>
<lastmod>2025-02-17T19:21:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-navigation/mobile-navigation-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sola-testimonials/super-testimonials-300-cross-site-request-forgery</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-845-cross-site-request-forgery</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3150-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-admin-stored-cross-site-scripting-via-license-parameter</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12505-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kraken-image-optimizer/krakenio-image-optimizer-269-missing-authorization-to-authenticated-subscriber-plugin-options-update</loc>
<lastmod>2023-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wamate-confirm/wamate-confirm-201-missing-authorization-to-authenticated-subscriber-arbitrary-phone-number-blockingunblocking</loc>
<lastmod>2026-02-10T20:04:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-531-missing-authorization-to-notice-dismisaal</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-recurring-payments/easy-digital-downloads-recurring-payments-23-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-bmi-calculator/cc-bmi-calculator-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3249-ip-blocking-bypass</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-text-block/animated-text-block-107-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-development/local-development-282-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/christian-science-bible-lesson-subjects/christian-science-bible-lesson-subjects-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedpress-generator/feedpress-generator-external-rss-frontend-customizer-121-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T21:29:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-easy-automation-integration-webhooks-workflow-builder-plugin-6402-missing-authorization</loc>
<lastmod>2025-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-446-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accredible-certificates/accredible-certificates-open-badges-149-authenticated-administrator-sql-injection-via-orderby-parameter</loc>
<lastmod>2025-04-09T18:13:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chameleon-jobs/chameleoni-jobs-254-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-ab-tests-and-heatmaps-for-better-conversion-optimization-827-authenticated-editor-remote-code-execution</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-296-authenticated-arbitrary-profile-creation-and-stored-cross-site-scripting</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/petsworld/pet-world-28-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-elementor-addons/wpzoom-addons-for-elementor-templates-widgets-1138-authenticated-contributor-stored-cross-site-scripting-via-team-members-widget</loc>
<lastmod>2024-06-19T14:14:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-cloud-library/tagdiv-cloud-library-392-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-contentSlider/lambertgroup-allinone-content-slider-38-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/temporary-login/temporary-login-100-authentication-bypass-to-account-takeover</loc>
<lastmod>2026-04-30T20:59:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-headers-and-footers-script/insert-headers-and-footers-code-ht-script-116-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-11-07T14:55:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-born-babies/-wp-born-babies-plugin-10-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/estrutura-basica/estrutura-basica-all-known-versions-path-traversal</loc>
<lastmod>2015-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcp-contact-form/wcp-contact-form-310-missing-authorization</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpguppy-lite/wpguppy-114-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aeropage-sync-for-airtable/aeropage-sync-for-airtable-320-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/f4-media-taxonomies/f4-media-taxonomies-114-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-background/ap-background-382-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T21:28:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superior-faq/superior-faq-102-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-text-slider-50/wp-photo-text-slider-50-81-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:58:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-google-analytics/analytics-170-multiple-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-quiz/ai-quiz-11-missing-authorization</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-php-settings/easy-php-settings-104-authenticated-administrator-php-code-injection-via-wp_memory_limit-setting</loc>
<lastmod>2026-03-06T11:26:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-155-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-advance-product-search/th-advance-product-search-114-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neon-text/neon-text-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getastra/astra-security-suite-firewall-malware-scan-02-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-11-10T15:11:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smtp/solid-mail-smtp-email-and-logging-made-by-solidwp-215-unauthenticated-stored-cross-site-scripting-via-email</loc>
<lastmod>2025-05-22T23:53:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toocheke-companion/toocheke-companion-1166-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-marketplace-362-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-carousel-slider/logo-carousel-slider-213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/image-gallery-responsive-photo-gallery-107-sql-injection</loc>
<lastmod>2014-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-missing-authorization-in-categorifyajaxrenamecategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-721-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/downloader-tiktok/video-downloader-for-tiktok-14-directory-traversal</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chic-lite/chic-lite-113-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realty/realty-by-bestwebsoft-110-reflected-cross-site-scripting</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-structuring-markup/markup-481-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-repeater/content-repeater-custom-posts-simplified-1113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himer/himer-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-5221-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator-pro/duplicator-1328-directory-traversal</loc>
<lastmod>2020-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedocs/wedocs-2118-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweeple/tweeple-095-reflected-cross-site-scripting-via-id</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protect-page/ppwp-password-protect-pages-1910-authenticated-subscriber-content-exposure-via-rest-api</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-member-private-conversation/nmedia-wordpress-member-conversation-14-arbitrary-file-upload</loc>
<lastmod>2012-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1531-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2026-05-12T15:28:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-1704-authenticated-author-sql-injection</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hot-coffee/hot-coffee-17-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-product-filter/premmerce-product-filter-for-woocommerce-372-missing-authorization</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-page-builder-features-3242-authenticated-contributor-stored-cross-site-scripting-in-google-maps-widget</loc>
<lastmod>2024-06-26T12:09:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-client-photo-gallery-photo-proofing-for-photographers-367-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-variation-swatches/variation-swatches-for-woocommerce-1061-reflected-cross-site-scripting</loc>
<lastmod>2019-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-930-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-title-tag/seo-title-tag-359-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-285-arbitrary-file-upload</loc>
<lastmod>2009-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery-with-slideshow/image-gallery-with-slideshow-152-sql-injection-via-selectmulgallery</loc>
<lastmod>2017-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-261-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-397-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-course-content-modification</loc>
<lastmod>2026-04-10T12:00:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-430-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apartment-management/wpams-440-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-plugin-323-cross-site-scripting</loc>
<lastmod>2012-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-filter/search-filter-1215-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-12-remote-code-execution</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-email-marketing-newsletters-automation-for-wordpress-woocommerce-5734-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-16810-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2816-authenticated-contributor-stored-cross-site-scripting-via-page_title</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workup/workup-job-board-wordpress-theme-215-reflected-cross-site-scripting</loc>
<lastmod>2020-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-schema-block-to-accordion/turn-yoast-seo-faq-block-to-accordion-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/madara-core/madara-core-223-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-16T14:03:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-test-drive/theme-test-drive-29-reflected-cross-site-scripting</loc>
<lastmod>2015-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-backup-reset/royal-wordpress-backup-restore-plugin-1016-reflected-cross-site-scripting-via-wpr_pending_template-parameter</loc>
<lastmod>2026-04-09T12:23:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-107-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2624-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-2014-authenticated-editor-remote-code-execution-via-shortcode</loc>
<lastmod>2025-12-29T06:04:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-share-vod/video-share-vod-turnkey-video-site-builder-script-2631-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-4112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-wp-mail/ultimate-wp-mail-135-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fivestar/fivestar-17-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/answer-my-question/answer-my-question-12-cross-site-scripting</loc>
<lastmod>2012-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-copy-protector/wp-content-copy-protection-no-right-click-359-cross-site-request-forgery</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/short-tax-post/reales-wp-stpt-212-unauthorized-user-registration</loc>
<lastmod>2025-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-retina-2x/perfect-images-522-cross-site-scripting</loc>
<lastmod>2018-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webriti-custom-login-page/webriti-custom-login-03-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-gamification-plugin-to-reward-points-achievements-badges-ranks-in-wordpress-763-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-mailchimp-extension/contact-form-7-extension-for-mailchimp-0573-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pull-this/pull-this-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtouch-quiz/mtouch-quiz-312-cross-site-request-forgery</loc>
<lastmod>2015-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epoll-wp-voting/wp-poll-maker-31-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travel-light/travel-light-10-cross-site-request-forgery</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/montonio-for-woocommerce/montonio-for-woocommerce-1012-missing-authorization</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loco-translate/loco-translate-282-authenticated-translator-path-traversal-to-limited-file-read-via-ref-parameter</loc>
<lastmod>2026-05-04T13:32:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopcred/shopcred-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-548-reflected-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-xpro-addons-for-elementor-free-1462-authenticated-contributor-post-disclosure-via-post-duplication</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2039-cross-site-request-forgery</loc>
<lastmod>2019-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-erudite/the-erudite-278-cross-site-scripting</loc>
<lastmod>2011-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-413-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drop-shadow-boxes/drop-shadow-boxes-1714-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-11-15T15:01:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grandconference-custom-post/grand-conference-theme-custom-post-type-264-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-authenticated-editor-stored-cross-site-scripting-via-comments</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backitup/backup-and-restore-wordpress-150-cross-site-request-forgery-to-backup-trigger</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nm-visitors/wordpress-visitors-10-unauthenticated-stored-cross-site-scripting-via-http-header</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wpzoom-inspiro-pro/inspiro-pro-722-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image/featured-image-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:23:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnipress/omnipress-154-authenticated-contributor-post-disclosure</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-ad-changer/cm-ad-changer-176-cross-site-scripting</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-410-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-mpg-340-missing-authorization-via-mpg_get_log_by_project_id</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders-pro/folders-pro-302-authenticatedauthor-arbitrary-file-upload-via-handle_folders_file_upload</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-return-warrranty/return-and-warranty-management-system-for-woocommerce-123-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1192-missing-authorization</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-photo-feed-widget/widgets-for-social-photo-feed-178-missing-authorization</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-852-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tweet-walls/wp-tweet-walls-103-cross-site-request-forgery</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-popular-posts-plugin-for-wordpress-322-authenticated-contributor-stored-cross-site-scripting-via-blocks</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-905-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-to-rest-api/acf-to-rest-api-334-unauthenticated-information-exposure</loc>
<lastmod>2025-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-239-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board/job-board-by-bestwebsoft-100-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2014-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cherry-plugin/cherry-plugin-127-arbitrary-file-upload</loc>
<lastmod>2015-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-404-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evergreen-content-poster/evergreen-content-poster-141-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/antisnews/antisnews-109-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-3622-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-7621-unauthenticated-html-injection</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-cleaner/lws-cleaner-2413-authenticated-administrator-arbitrary-file-deletion-via-lws_cl_delete_file</loc>
<lastmod>2025-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth-twitter-feed-for-developers/oauth-twitter-feed-for-developers-230-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-photo/user-photo-095-cross-site-scripting</loc>
<lastmod>2012-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marquee-elementor/marquee-elementor-with-posts-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedweb/feedweb-19-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2013-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saoshyant-slider/saoshyant-slider-30-unauthenticated-php-object-injection</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himer/himer-210-cross-site-request-forgery-to-private-group-join</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-toolset/database-toolset-184-unauthenticated-sensitive-information-exposure-via-backup-files</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/wordpress-automatic-plugin-203-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-validation-reloaded/comment-validation-reloaded-05-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-smtp/fluentsmtp-224-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooms/wooms-912-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-768-reflected-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-2513-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-email/check-log-email-103-reflected-cross-site-scripting</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-legacy-media/import-legacy-media-01-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pricing-tables/easy-pricing-tables-322-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-finder/broken-link-checker-finder-250-authenticated-author-blind-server-side-request-forgery</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/institutions-directory/institutions-directory-134-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-template-kit-import</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-enable-webp/wp-enable-webp-10-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2026-01-06T19:45:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-generator/contact-form-generator-271-authenticated-contributor-sql-injection</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/burst-statistics/burst-statistics-privacy-friendly-analytics-for-wordpress-1561-authenticatedcontributor-stored-cross-site-scripting-via-burst_total_pageviews_count</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ctt-expresso-para-woocommerce/ctt-expresso-para-woocommerce-3212-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-516-missing-authorization-to-authenticated-contributor-information-exposure</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dream-carousel/wp-dream-carousel-101b-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-events-calendar/simple-events-calendar-140-authenticated-sql-injection</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-375-authenticated-contributor-sensitive-information-exposure-via-block-editor-prodata-localization</loc>
<lastmod>2026-06-17T16:14:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-div/floating-div-30-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-07-29T14:12:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-personal-data-reports/gdpr-personal-data-reports-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infunding/infunding-plugin-for-charity-crowdfunding-website-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-stream-quiz/ari-stream-quiz-132-authenticatedcontributor-content-injection</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-showcase/video-gallery-youtube-gallery-responsive-video-playlist-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swatchly/swatchly-woocommerce-variation-swatches-for-products-120-cross-site-request-forgery-via-plugin_activation</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rays-grid/rays-grid-131-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-best-help-desk-support-plugin-277-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register-premium/pie-register-premium-3833-missing-authorization</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmastertoolkit/wpmastertoolkit-1131-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-568-cross-site-request-forgery</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-02114-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4171-unauthenticated-php-object-injection</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flynax-bridge/flynax-bridge-220-unauthenticated-privilege-escalation-via-password-update</loc>
<lastmod>2025-04-23T19:43:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension-203-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-light/jobboard-job-listing-127-authenticated-employer-insecure-direct-object-reference</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slide-show/smart-slideshow-24-arbitrary-file-upload</loc>
<lastmod>2012-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedder/embedder-13-135-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-04-09T18:12:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-elements/hash-elements-154-authenticated-contributor-information-exposure</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/planetcalc/planetcalc-22-authenticated-contributor-stored-cross-site-scripting-via-language-parameter</loc>
<lastmod>2025-09-29T15:29:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecards-invites/wp-ecards-13904-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-before-download/email-before-download-697-cross-site-request-forgery</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-526-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T10:42:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1311-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-post-submission/frontend-post-submission-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-descriptions/terms-descriptions-346-reflected-cross-site-scripting</loc>
<lastmod>2024-10-23T16:31:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-posts-carousel-pro/responsive-posts-carousel-wordpress-plugin-150-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-3225-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-by-ays-67129-unauthenticated-stored-cross-site-scripting-via-rate_reason</loc>
<lastmod>2026-05-01T21:36:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emc2-custom-help-videos/emc2-custom-help-videos-12-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nanosupport/nanosupport-060-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/responsive-image-gallery-gallery-album-203-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-logo-slider/the-logo-slider-100-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-helper-lite/wp-helper-premium-460-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-181-unauthenticated-arbitrary-file-upload-to-remote-code-execution</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-piwik/wp-matomo-integration-wp-piwik-1028-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-restaurant-menu/quick-restaurant-menu-202-insecure-direct-object-reference</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-flipbox-addon-for-elementor/flipbox-addon-for-elementor-211-authenticated-author-stored-cross-site-scripting-via-custom-attributes</loc>
<lastmod>2026-04-17T14:40:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loco-translate/loco-translate-282-reflected-cross-site-scripting-via-update_href-parameter</loc>
<lastmod>2026-03-30T15:35:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-299-authenticated-administrator-sql-injection</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-and-date-remover/wp-meta-and-date-remover-230-cross-site-request-forgery-via-updatesettings</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-noindex-nofollow-tool-ii/ultimate-noindex-nofollow-tool-ii-135-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/db-backup/db-backup-50-directory-traversal</loc>
<lastmod>2014-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/wordpress-social-login-and-register-discord-google-twitter-linkedin-7514-cross-site-request-forgery</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancybox-for-wordpress/fancybox-for-wordpress-335-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-metabox/gallery-metabox-15-missing-authorization-via-gallery_remove</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-470-reflected-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-imap-authentication/wp-imap-auth-401-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-for-bike-car-resort-appointment-dress-equipment-226-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-icon/category-icon-101-authenticated-author-arbitrary-file-download</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lightbox-2/wp-lightbox-2-3067-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtoffee-product-feed/webtoffee-woocommerce-product-feeds-google-shopping-pinterest-tiktok-ads-more-233-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porto-functionality/porto-theme-functionality-2111-unauthenticated-sql-injection</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jaroti/jaroti-148-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-206-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nps-computy/nps-computy-280-reflected-cross-site-scripting</loc>
<lastmod>2024-12-03T14:21:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lorem-ipsum-books-media-store/lorem-ipsum-books-media-store-126-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1066-reflected-cross-site-scripting-via-member-edit</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dailyedition/daily-edition-162-arbitrary-file-upload</loc>
<lastmod>2015-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ip-ban/ip-ban-123-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2014-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2145-authenticated-editor-stored-cross-site-scripting-via-product_description-parameter</loc>
<lastmod>2026-06-18T15:44:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/next-event-calendar/next-event-calendar-12-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-104-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-contact-chat-icons-telegram-chat-line-messenger-wechat-email-sms-call-button-chaty-351-unauthenticated-information-exposure</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-follow/twitter-follow-button-02-authenticated-contributor-stored-cross-site-scripting-via-username-parameter</loc>
<lastmod>2024-11-22T15:00:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arkhe-blocks/arkhe-blocks-2270-authenticated-contributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cowidgets-elementor-addons/cowidgets-elementor-addons-120-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-08T14:03:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backitup/backup-and-restore-wordpress-backup-plugin-19-sensitive-information-disclosure</loc>
<lastmod>2014-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-63030-unauthenticated-broken-authentication</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fediverse-embeds/fediverse-embeds-153-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-invite-codes/all-in-one-invite-codes-1014-cross-site-scripting</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-custom-taxonmy/cc-custom-taxonomy-101-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-photos/peepso-core-photos-6310-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-google-sheets-connector/cf7-google-sheets-connector-505-unauthenticated-sensitive-information-exposure-via-debug-log</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-explorer/code-explorer-146-authenticated-administrator-arbitrary-file-read-via-file-parameter</loc>
<lastmod>2026-02-03T19:44:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-2330-sensitive-information-exposure</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-signing/lh-signing-283-cross-site-request-forgery</loc>
<lastmod>2025-09-10T18:43:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-shortcode/youtube-shortcode-185-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-terms-popup/wp-terms-popup-260-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-6225-authentication-bypass</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cazamba/cazamba-12-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spendino/grn-spendino-spendenformular-101-unauthenticated-arbitrary-options-update</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-2021-missing-authorization-checks</loc>
<lastmod>2016-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-a-meta-field-as-block/meta-field-block-1213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apa-banner-slider/apa-banner-slider-100-cross-site-request-forgery-to-slq-injection</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-151-sql-injection</loc>
<lastmod>2005-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grey-owl-lightbox/grey-owl-lightbox-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:41:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-323-cross-site-request-forgery</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-redirector/qr-redirector-203-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-324-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-08-19T12:31:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-598-authenticated-contributor-stored-cross-site-scripting-via-filterable-gallery</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commenter-emails/commenter-emails-261-unauthenticated-csv-injection</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3109-authenticated-contributor-stored-cross-site-scripting-via-image-accordion</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-integration-for-emailoctopus/eo4wp-1084-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-elementor-kit/thim-elementor-kit-118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-form-maker-popup-maker-woocommerce-blocks-post-blocks-post-carousel-combo-blocks-2278-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connect-contact-form-7-to-constant-contact-v3/connect-contact-form-7-to-constant-contact-14-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-flow/zoho-flow-2133-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-230-cross-site-scripting</loc>
<lastmod>2019-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-10303-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-1814-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-12103-reflected-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antispam-bee/antispam-bee-2113-ip-address-spoofing-via-get_client_ip</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joy-of-text/joy-of-text-lite-sms-messaging-for-wordpress-230-unauthenticated-sql-injection</loc>
<lastmod>2022-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery/gallery-221-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/storebiz/storebiz-1032-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-cleaner/wps-cleaner-144-missing-authorization-checks</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-date-year-month/aadmy-add-auto-date-month-year-into-posts-201-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-10-14T18:51:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kunco/kunco-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-image-by-pdfcrowd/save-as-image-321-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnelkit-funnel-builder-for-woocommerce-checkout-31315-unauthenticated-sql-injection</loc>
<lastmod>2025-12-11T18:43:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-malware-protection/malware-scanner-471-ip-spoofing</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/wpbot-ai-chatbot-for-live-support-lead-generation-ai-services-779-unauthenticated-sql-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/similar-posts/similar-posts-best-related-posts-plugin-for-wordpress-316-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-168-reflected-cross-site-scripting-via-themebuilder-parameter</loc>
<lastmod>2026-03-10T13:04:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360-product-rotation/360-product-rotation-148-reflected-cross-site-scripting</loc>
<lastmod>2019-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0910-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-131-unauthenticated-settings-change</loc>
<lastmod>2019-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-image/category-image-20-authenticated-editor-stored-cross-site-scripting-via-tag-image-parameter</loc>
<lastmod>2026-02-10T20:03:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filter-portfolio-gallery/filter-portfolio-gallery-15-cross-site-request-forgery</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-2010-missing-authentication-to-mailchimp-api-key-update</loc>
<lastmod>2024-07-19T17:42:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-thumbnails/video-thumbnails-2123-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/atahualpa/atahualpa-3724-cross-site-scripting-via-cross-site-request-forgery</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animation-addons-for-elementor-pro/animation-addons-for-elementor-pro-16-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/raise-mag/wishful-blog-201-raise-mag-107-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-club-manager/wp-club-manager-2211-authenticated-player-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-zoho/integration-for-woocommerce-and-zoho-crm-136-open-redirect-via-setup_plugin</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bm-builder/bm-content-builder-31621-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting-via-ux_cb_page_options_save</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-photo-contest-plugin-for-wordpress-1044-cross-site-request-forgery</loc>
<lastmod>2019-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-post-rss-feed/wp-custom-post-rss-feed-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-link-groups/social-link-groups-110-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-stream/wp-social-stream-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-css-mu/csstidy-server-side-request-forgery</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magazine-blocks/magazine-blocks-1320-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-school-education/vw-school-education-146-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-maker/contact-form-maker-11323-authenticated-administrator-sql-injection</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4122-directory-traversal-to-remote-code-execution</loc>
<lastmod>2020-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turbo-manager/turbo-manager-408-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliderspack-all-in-one-image-sliders/slider-a-sliderspack-202-missing-authorization-via-wp_spaios_save_attachment_data</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-10-227-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-fed_admin_setting_form_function-function</loc>
<lastmod>2025-05-12T17:50:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collectchat/chatbot-for-wordpress-by-collectchat-248-authenticated-contributor-stored-cross-site-scripting-via-post-meta-field</loc>
<lastmod>2026-02-13T18:32:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-5571-code-injection</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mesa-mesa-reservation-widget/mesa-mesa-reservation-widget-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-youtube-integration/streamweasels-youtube-integration-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-192-missing-authorization-via-multiple-ajax-functions</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-21917-missing-authorization</loc>
<lastmod>2026-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-123116-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-421-unauthenticated-privilege-escalation</loc>
<lastmod>2025-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-restaurant-menu/restaurant-menu-and-food-ordering-2410-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vantage/vantage-12032-authenticated-contributor-stored-cross-site-scripting-via-gallery-block-text-content</loc>
<lastmod>2026-04-15T14:58:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teleport/teleport-124-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1317-cross-site-scripting</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/woocommerce-affiliate-plugin-coupon-affiliates-41645-stored-cross-site-scripting</loc>
<lastmod>2022-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-143-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-css-script-optimizer/js-css-script-optimizer-033-cross-site-request-forgery</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amr-users/amr-users-4593-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dtc-documents/dtc-documents-1105-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-118-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smokesignal/smokesignal-126-cross-site-scripting</loc>
<lastmod>2017-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-248-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3233-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jay-login-register/jay-login-register-2603-authenticated-subscriber-privilege-escalation-via-jay_panel_ajax_update_profile</loc>
<lastmod>2026-02-07T12:47:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects/image-hover-effects-55-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erocket/erocket-124-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wccp-pro/wp-content-copy-protection-no-right-click-pro-150-open-redirect</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-photos/live-photos-on-wordpress-01-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T14:51:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-bucketlister/the-bucketlister-015-authenticated-contributor-sql-injection-via-category-and-id-shortcode-attributes</loc>
<lastmod>2026-02-06T20:26:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3499-cross-site-request-forgery-to-plugin-data-deletion-settings-changes</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buybox-widget/widget-buybox-315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:23:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-510-cross-site-request-forgery-to-php-object-injection</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-history/simple-history-5240-unauthenticated-information-exposure</loc>
<lastmod>2026-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epeken-all-kurir/epeken-all-kurir-202-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-widget-bundle/widget-bundle-200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-3151-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-tables-table-charts-premium-631-unauthenticated-sql-injection</loc>
<lastmod>2024-05-31T20:10:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tm-moody/moody-273-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-with-ticket-scanner/event-tickets-with-ticket-scanner-253-cross-site-request-forgery-to-arbitrary-ticket-deletion</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-create_mollie_profile</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripetto/wordpress-form-builder-plugin-for-contact-forms-surveys-and-quizzes-tripetto-809-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-14T15:25:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popup-builder/wp-popup-builder-128-reflected-cross-site-scripting</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-portfolio/wpzoom-portfolio-lite-filterable-portfolio-plugin-1421-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-571-reflected-cross-site-scripting</loc>
<lastmod>2017-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-filter-posts/post-grid-master-3410-reflected-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-aliexpress-dropshipping/sharkdropship-dropshipping-for-aliexpress-ebay-amazon-etsy-211-missing-authorization</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-ffl-checkout/g-ffl-checkout-210-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-to-do-list/dashboard-to-do-list-131-cross-site-request-forgery-via-ardtdw_widgetupdate</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backup-plus/wp-backup-2018-11-22-sensitive-information-disclosure</loc>
<lastmod>2019-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-1352-cross-site-request-forgery</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-767-missing-authorization</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-740-authenticted-contributor-stored-cross-site-scripting-via-data-url-attribute</loc>
<lastmod>2025-07-03T14:14:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-icon-widget/rss-icon-widget-52-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T18:24:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5017-authentication-bypass</loc>
<lastmod>2021-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shoutbox/shoutbox-unknown-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toolbar-to-share/toolbar-to-share-20-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-635-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/se-html5-album-audio-player/se-html5-album-audio-player-110-directory-traversal</loc>
<lastmod>2015-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primer-mydata/primer-mydata-for-woocommerce-424-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-create-countdown-coupon-video-contact-form-popups-601-authenticated-administrator-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listivo-core/listivo-core-2377-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-viral-quiz/ultimate-viral-quiz-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-10-02T22:09:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-152-remote-code-execution</loc>
<lastmod>2005-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sports-rankings-lists/sports-rankings-and-lists-102-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-open-close/open-close-woocommerce-store-498-missing-authorization</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adl-team/team-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1360-insecure-direct-object-reference-to-submission-manipulation</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-board/wp-board-11beta-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-customer-source/where-did-you-hear-about-us-checkout-field-for-woocommerce-131-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-meta-keyword-and-description/global-meta-keyword-description-23-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/distance-based-shipping-calculator/distance-based-shipping-calculator-2022-missing-authorization</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/treepress/treepress-easy-family-trees-ancestor-profiles-2022-authenticated-administrator-stored-cross-site-scripting-via-post_title-parameter</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safe-svg/safe-svg-199-content-type-bypass</loc>
<lastmod>2022-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adifier-system/adifier-system-317-unauthenticated-arbitrary-password-reset</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/construction-light/construction-light-167-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-5419-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-622-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nertworks-all-in-one-social-share-tools/nertworks-all-in-one-social-share-tools-126-cross-site-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-change-status-notifier/wp-status-notifier-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-06T19:40:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder-pro/cost-calculator-builder-pro-321-unauthenticated-price-manipulation</loc>
<lastmod>2024-09-06T23:09:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-best-wordpress-poll-plugin-518-missing-authorization-to-unauthenticated-email-enumeration</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-pincode-for-woocommerce/check-pincode-for-woocommerce-11-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taboola-pixel/taboola-pixel-114-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-property-listing-and-agent-management-68-cross-site-scripting</loc>
<lastmod>2019-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mj-update-history/mj-update-history-104-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-best-quiz-exam-and-survey-plugin-for-wordpress-901-authenticated-contributor-sql-injection</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-834-reflected-cross-site-scripting</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-math-anti-spam/peters-math-anti-spam-spinoff-100-captcha-bypass</loc>
<lastmod>2008-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trendy-restaurant-menu/trendy-restaurant-menu-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resume-upload-form/upload-resume-120-captcha-bypass-via-resume_upload_form</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-subscriptions/newsletter-subscriptions-21-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T15:20:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-by-funnelkit-31312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-accessibility-helper/wp-accessibility-helper-wah-0625-missing-authorization</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consensu-io/consensuio-103-missing-authorization-via-update_config_db</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-pay-buy-donation-and-cart-buttons-shortcode/paypal-pay-now-buy-now-donation-and-cart-buttons-shortcode-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flask-micro/ide-micro-code-editor-100-authenticated-contributor-stored-cross-site-scripting-via-title-shortcode-attribute</loc>
<lastmod>2026-02-10T20:09:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-push-notification/all-push-notification-for-wp-153-authenticated-administrator-sql-injection-via-delete_id-parameter</loc>
<lastmod>2026-02-03T19:43:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-136-authenticated-contributor-stored-cross-site-scripting-via-toc-block</loc>
<lastmod>2025-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayer/wp-prayer-161-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/base64-encoderdecoder/base64-encoderdecoder-092-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-434-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sumomemberships/sumo-memberships-for-woocommerce-780-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-486-496-authenticated-administrator-stored-cross-site-scripting-in-faq-builder</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider-and-showcase/testimonial-slider-226-stored-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multilingual/woocommerce-multilingual-multicurrency-534-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-price-update/bulk-price-update-for-woocommerce-221-reflected-cross-site-scripting</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5133-authenticated-admin-stored-cross-site-scripting-via-survey-question</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms/caldera-forms-141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2016-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/layoutboxx/layoutboxx-031-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-05T16:07:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-6282-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discord-invite/wp-discord-invite-251-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcommenttwit/wpcommenttwit-plugin-05-cross-site-scripting</loc>
<lastmod>2014-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4328-missing-authorization-to-authenticated-subscriber-arbitrary-quiz-answer-deletion</loc>
<lastmod>2026-03-23T09:53:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/products-rearrange-woocommerce/product-rearrange-for-woocommerce-122-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aqua-svg-sprite/aqua-svg-sprite-3014-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-12T13:24:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-iframe/auto-iframe-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5811-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-conversion-pixel/pixel-cat-conversion-pixel-manager-305-reflected-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/manoir/manoir-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-328-authenticated-contributor-sql-injection</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classifieds-listing-1443-authenticated-subscriber-arbitrary-shortcode-execution-via-custom-title</loc>
<lastmod>2025-01-15T11:56:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkfront-wp-booking/checkfront-online-booking-system-36-cross-site-request-forgery</loc>
<lastmod>2023-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1168-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bc-menu-cart-woo/bc-menu-bar-cart-icon-for-woocommerce-by-binary-carpenter-1493-cross-site-request-forgery</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-tdk/wp-seo-tdk-212-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/github-gist-shortcode/github-gist-shortcode-plugin-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:24:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-coder/wp-coder-252-cross-site-request-forgery</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themehunk-megamenu-plus/easy-mega-menu-plugin-for-wordpress-themehunk-110-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-posts-shortcodes/show-posts-list-110-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-03-20T15:06:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rh-frontend/rh-frontend-publishing-pro-434-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-me-now/login-me-now-172-authentication-bypass</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timber-library/timber-1230-authenticated-admin-php-object-injection</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-wp-security-backup-speed-growth-42-timing-attack</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/petitioner/petitioner-073-missing-authorization</loc>
<lastmod>2026-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-gutenberg-blocks-for-page-builder-features-3510-authenticated-contributor-stored-cross-site-scripting-via-redirecturl-parameter</loc>
<lastmod>2025-07-08T12:14:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moreads-se/moreads-se-146-cross-site-scripting</loc>
<lastmod>2017-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/search-and-go/search-go-28-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-authentication-bypass-via-account-takeover</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/catamaran/catamaran-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/storyform/storyform-0614-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator-le/store-locator-plus-5123-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-blacklist-updater/comment-blacklist-updater-110-cross-site-request-forgery-via-update_blacklist_manual</loc>
<lastmod>2023-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paged-gallery/paged-gallery-07-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T17:58:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-official-1718-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-771-authenticatedcontributor-stored-cross-site-scripting-via-section-title-tag</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-manage-fraud-orders/woo-manage-fraud-orders-261-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T17:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-expand-tabs-free/wp-tabs-2212-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tournamatch/tournamatch-461-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-noexternallinks/wp-no-external-links-3516-reflected-cross-site-scripting</loc>
<lastmod>2016-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-478-unauthenticated-information-exposure</loc>
<lastmod>2026-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traffic-manager/traffic-manager-145-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-management/hospital-management-system-47020-11-2023-reflected-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/merge-minify-refresh/merge-minify-refresh-1107-cross-site-request-forgery-leading-to-arbitrary-file-deletion-and-site-reset</loc>
<lastmod>2020-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-bucketlister/the-bucketlister-015-missing-authorization-to-authenticated-subscriber-bucket-list-modification</loc>
<lastmod>2026-02-06T20:26:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lim4wp/lim4wp-111-arbitrary-file-upload</loc>
<lastmod>2012-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-as-customer-or-user/login-as-user-or-customer-32-privilege-escalation</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-maker/contact-form-by-wd-responsive-drag-drop-contact-form-builder-tool-1718-authorization-bypass</loc>
<lastmod>2014-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertplug/convertplug-3525-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-glossary/glossary-312-missing-authorization</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-popup-box/modal-popup-box-popup-builder-show-offers-and-news-in-popup-152-authenticated-contributor-php-object-injection-in-awl_modal_popup_box_shortcode</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7113-cross-site-scripting</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/wp-simple-html-sitemap-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snippy/snippy-141-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-google-maps/very-simple-google-maps-29-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/availability-calendar/availability-calendar-121-sql-injection</loc>
<lastmod>2021-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amp-extensions/titan-framework-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-calendar/events-calendar-made-simple-pie-calendar-125-authenticated-contributor-stored-cross-site-scripting-via-piecal-shortcode</loc>
<lastmod>2025-02-20T20:08:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-1336-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-22T21:28:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facilita-form-tracker/facilita-form-tracker-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surerank/surerank-132-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rankchecker-io-integration/rankcheckerio-integration-109-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress/bbpress-259-stored-cross-site-scripting</loc>
<lastmod>2016-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-builder/aio-wp-builder-202-missing-authorization</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0857-missing-authorization</loc>
<lastmod>2016-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-product-labels-for-woocommerce/product-labels-for-woocommerce-158-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-position-google-finance/top-position-google-finance-010-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T21:19:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-823-missing-authorization-on-various-functions</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-locations/instant-locations-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/role-includer/role-includer-16-reflected-cross-site-scripting-via-user_id-parameter</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-watermark/bulk-watermark-1610-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/beacon/beacon-224-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediavine-create/create-by-mediavine-194-unauthenticated-sql-injection-via-id</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-colors-for-real-estate-manager/custom-colors-for-real-estate-manager-10-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stars-testimonials-with-slider-and-masonry-grid/stars-testimonials-334-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/woocommerce-product-vendors-221-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-171-cross-site-scripting</loc>
<lastmod>2016-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-confirmation-email/woo-confirmation-email-320-improper-access-control</loc>
<lastmod>2018-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-1857-unauthenticated-stored-cross-site-scripting-via-getcolumncontent_page</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/processingjs-for-wp/processingjs-for-wordpress-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-03T12:18:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-for-images/seo-for-images-100-cross-site-request-forgery</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-469-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-4932-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-28816-authenticated-contributor-stored-cross-site-scripting-via-map-settings</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress-simple-advert-units/bbpress-simple-advert-units-041-reflected-cross-site-scripting</loc>
<lastmod>2025-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.4/wordpress-core-341-information-disclosure</loc>
<lastmod>2012-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/style-it/style-it-10-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-timelines/wp-timeline-vertical-and-horizontal-timeline-plugin-367-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skaut-bazar/skaut-bazar-133-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nuajik-cdn/nuajik-cdn-010-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress-pro/loginpress-pro-622-unauthenticated-privilege-escalation</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5192-cross-site-request-forgery-leading-to-form-metadata-deletion</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-28149-cross-site-request-forgery</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terminal-africa/terminal-africa-11317-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-w3all-phpbb-integration/wp-w3all-phpbb-298-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-my-account-for-woocommerce/custom-my-account-for-woocommerce-21-cross-site-request-forgery</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-119-missing-authorization</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-projects-document-manager-2595-cross-site-scripting</loc>
<lastmod>2016-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-vendors/wc-vendors-woocommerce-multivendor-woocommerce-marketplace-product-vendors-268-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets/code-snippets-270-reflected-cross-site-scripting</loc>
<lastmod>2016-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-151-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-checkout-fields/flexible-checkout-fields-for-woocommerce-231-unauthenticated-arbitrary-plugin-settings-update</loc>
<lastmod>2020-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-283-missing-authorization</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-log/email-log-248-unauthenticated-hook-injection</loc>
<lastmod>2024-05-23T17:05:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-email-subscribers-newsletters-plugin-for-wordpress-450-cross-site-request-forgery</loc>
<lastmod>2020-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-facebook/spider-facebook-108-sql-injection</loc>
<lastmod>2014-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-2412-unauthenticated-sql-injection</loc>
<lastmod>2025-12-13T16:20:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-prices/wholesale-suite-2112-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3125-authenticated-contributor-stored-cross-site-scripting-via-image-comparison</loc>
<lastmod>2024-11-11T14:44:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sidebartabs/sidebartabs-31-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-380-authenticated-editor-stored-cross-site-scripting-via-fontsfontfontvalue-parameter</loc>
<lastmod>2026-06-26T17:52:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-with-linkedin-buttons/apply-with-linkedin-buttons-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2141-authenticated-contributor-php-object-injection-via-deserialization-of-untrusted-data-via-blocksy_meta-rest-api-field</loc>
<lastmod>2026-06-08T20:11:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/image-gallery-responsive-photo-gallery-155-reflected-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-19152-login-page-disclosure</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-40-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsearch-plus/gee-search-plus-improved-wordpress-search-144-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-495-open-redirect</loc>
<lastmod>2018-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplg-default-mail-from/wplg-default-mail-from-100-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-11T14:27:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmarkapp-email-integrator/postmarkapp-email-integrator-24-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/streamit/streamit-401-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/note-press/note-press-0110-authenticated-admin-sql-injection-via-update</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forget-about-shortcode-buttons/forget-about-shortcode-buttons-213-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masvideos/mas-videos-132-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kjm-admin-notices/kjm-admin-notices-201-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-graphite/open-graphite-160-reflected-cross-site-scripting-via-topic-parameter</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nicejob/nicejob-365-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rentmy-online-rental-shop/rentmy-real-time-rental-management-plugin-4041-missing-authorization-to-unauthenticated-settings-update-via-rentmy_cdn_request-ajax-action</loc>
<lastmod>2026-06-23T16:38:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-files-youtube-twitter-instagram-tiktok-ecommerce-contest-gallery-upload-vote-sell-via-paypal-social-share-buttons-2403-unauthenticated-sql-injection</loc>
<lastmod>2024-11-04T21:11:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentformpro/fluent-forms-pro-add-on-pack-6112-authenticated-subscriber-server-side-request-forgery-via-savedatasource</loc>
<lastmod>2026-02-08T22:49:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-console/wordpress-console-039-missing-authorization-via-reloadphp</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery-sell-photo/nextgen-gallery-sell-photo-104-stored-cross-site-scripting</loc>
<lastmod>2020-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apk-downloader/apk-downloader-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-integrations/contact-form-7-integrations-10-1310-multiple-cross-site-scripting</loc>
<lastmod>2014-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-mis-report/woocommerce-sales-mis-report-403-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-1471-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-471-authorization-bypass</loc>
<lastmod>2017-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecab-taxi-booking-manager/taxi-booking-manager-for-woocommerce-e-cab-130-missing-authorization-to-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scheduled/scheduled-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2216-missing-authorization-to-arbitrary-user-deletion</loc>
<lastmod>2025-03-14T14:23:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2311-authenticated-file-upload-and-path-traversal</loc>
<lastmod>2021-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scheduler-widget/scheduler-widget-016-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-event-modification</loc>
<lastmod>2026-02-13T18:27:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-433-stored-cross-site-scripting</loc>
<lastmod>2018-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-product-options/wpc-product-options-for-woocommerce-321-unauthenticated-arbitrary-file-download</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/scoreme/scoreme-2016-04-01-cross-site-scripting</loc>
<lastmod>2016-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-355-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-11525-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-booster/wp-db-booster-101-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/two-factor-authentication/two-factor-authentication-1110-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiwichat/kiwichat-nextclient-62-authenticated-contributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2025-05-01T13:11:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/handmade-framework/handmade-framework-39-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-writing-statistics/just-writing-statistics-45-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ruby-help-desk/ruby-help-desk-133-missing-authorization-to-arbitrary-ticket-modification</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-user-roles-switcher/automatic-user-roles-switcher-111-missing-authorization-to-privilege-escalation</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hueman-addons/hueman-addons-233-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-6033-reflected-cross-site-scripting</loc>
<lastmod>2025-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-316-arbitrary-shortcode-execution</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shockingly-simple-favicon/shockingly-simple-favicon-182-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsfirewall/rsfirewall-1142-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3212-missing-authorization-to-authenticated-subscriber-arbitrary-content-creation</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-import-ultimate-csv-xml-importer-for-wordpress-737-authenticated-subscriber-sql-injection-via-file-name</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-832-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-38101-unauthenticated-sql-injection-via-listing-grid-load-more-ajax-endpoint</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-page-loading/wp-page-loading-106-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-327-missing-authorization</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/wordpress-classifieds-plugin-ad-directory-listings-by-awp-classifieds-30-cross-site-scripting</loc>
<lastmod>2014-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership-custom-messages/simple-membership-custom-messages-24-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-340-arbitrary-file-upload</loc>
<lastmod>2015-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/wallet-for-woocommerce-156-authenticated-subscriber-incorrect-conversion-between-numeric-types</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-118-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedstats-de/feedstats-24-cross-site-scripting</loc>
<lastmod>2007-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-370-authenticated-contributor-stored-cross-site-scripting-via-sina-posts-sina-blog-post-and-sina-table-widgets</loc>
<lastmod>2025-07-31T21:23:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/jetbackup-2097-sensitive-information-exposure-via-directory-listing</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-nocaptcha-recaptcha/captcha-4wp-7061-cross-site-request-forgery-to-local-file-inclusion</loc>
<lastmod>2022-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-referer-spam/block-referer-spam-1194-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profiler-what-slowing-down/profiler-what-slowing-down-your-wp-100-missing-authorization</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/m2wp/magento-2-wordpress-integration-141-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-6110-missing-authorization</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-create-highly-converting-mobile-friendly-marketing-popups-4111-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6260-reflected-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-audio-player/html5-audio-player-2228-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ptviewer/wp-pt-viewer-202-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-yelp-review-slider/wp-yelp-review-slider-70-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inventory-manager/wp-inventory-manager-234-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mrlegend-typedjs/typed-js-a-typewriter-style-animation-120-authenticated-contributor-stored-cross-site-scripting-via-typespeed-parameter</loc>
<lastmod>2025-02-19T21:07:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-notify-lite/popup-builder-1129-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sendgrid-mailer/sendgrid-for-wordpress-14-unauthenticated-sql-injection</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexytalk-widget/frescochat-live-chat-326-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srbtranslatin/wp-optimize-3212-srbtranslatin-24-storedreflected-cross-site-scripting-via-third-party-library</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-3427-cross-site-request-forgery-to-plugin-installation</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-547-stored-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-under-construction/ultimate-under-construction-193-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/productdyno/productdyno-1024-reflected-cross-site-scripting-via-res-parameter</loc>
<lastmod>2025-03-10T16:21:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/export-any-wordpress-data-to-xmlcsv-141-wp-all-export-pro-186-cross-site-request-forgery-to-phar-deserialization</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-564-sql-injection</loc>
<lastmod>2018-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12221-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-wordpress-project-task-management-plugin-306-authenticated-contributor-stored-cross-site-scripting-via-wppm_tasks-shortcode</loc>
<lastmod>2025-01-03T20:06:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3151-authenticated-subscriber-limited-arbitrary-wordpress-action-execution</loc>
<lastmod>2026-04-14T12:25:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-stories-enhancer/web-stories-enhancer-level-up-your-web-stories-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogger-buzz/blogger-buzz-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-duplicator/easy-post-duplicator-101-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-978-full-path-disclosure</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-support-ticket-system/woocommerce-support-ticket-system-185-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yotuwp-easy-youtube-embed/video-gallery-youtube-playlist-channel-gallery-by-yotuwp-1310-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-alt-text/auto-alt-text-252-cross-site-request-forgery</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel/carousel-ultimate-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-instanteditredirect-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formget-contact-form/contact-form-by-formget-555-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-3934-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hashbar-wp-notification-bar/hashbar-wordpress-notification-bar-135-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5192-missing-authorization-to-unauthenticated-content-injection</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inactive-logout/inactive-logout-355-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T13:27:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-on-demand-search-and-replace/cm-on-demand-search-and-replace-130-cross-site-request-forgery</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drawblog/drawblog-090-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-publications-by-supsystic/digital-publications-by-supsystic-177-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2026-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmozo-addons-lite-for-elementor/wpmozo-addons-lite-for-elementor-110-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-335-authenticated-contributor-stored-cross-site-scripting-via-button_text-shortcode-attribute</loc>
<lastmod>2026-04-13T14:48:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recaptcha-wp/recaptcha-wp-026-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-action-network/wordpress-action-network-143-authentcated-admin-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9200-unauthenticated-sql-injection</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33202-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-09-25T17:41:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-binary-mlm/binary-mlm-woocommerce-20-reflected-cross-site-scripting-via-page</loc>
<lastmod>2025-01-06T16:22:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-523-stored-cross-site-scripting-via-request_uri</loc>
<lastmod>2014-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-324-arbitrary-file-deletion</loc>
<lastmod>2019-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-styler/cf7-wow-styler-172-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-compare/yith-woocommerce-compare-209-unauthenticated-php-object-injection</loc>
<lastmod>2016-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-3rdparty-post-again/forms-3rd-party-post-again-03-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtranslate/gtranslate-2851-reflected-cross-site-scripting</loc>
<lastmod>2020-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-organizer/media-file-organizer-101-directory-traversal</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sequel/sequel-1011-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-multi-importer/wp-rss-multi-importer-314-cross-site-request-forgery</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locations/locations-40-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/education-zone/education-zone-138-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-cross-site-scripting-via-javascript-and-data-urls</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minify-html-markup/minify-html-2112-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-03-30T23:01:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2157-authenticated-contributor-stored-cross-site-scripting-via-aux_timeline-shortcode</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-booking-system/course-booking-system-612-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/petermason/peter-mason-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-timelines/wp-timeline-vertical-and-horizontal-timeline-plugin-367-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/happy-baby/happy-baby-1212-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2wb/wordpres-110-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-11126-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-chat-for-whatsapp/click-to-chat-holithemes-335-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expresstechsoftwares-memberpress-discord-add-on/memberpress-discord-addon-114-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lightbox-2/wp-lightbox-2-3066-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21124-missing-authorization</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-1563-cross-site-scripting</loc>
<lastmod>2015-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-free-widgets-extensions-and-templates-2713-cross-site-request-forgery</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickymenu/my-sticky-bar-formerly-mystickymenu-271-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-61121-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21116-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codeconfig-accessibility/accessiy-by-codeconfig-accessibility-100-missing-authorization-to-authenticated-subscriber-arbitrary-page-creation</loc>
<lastmod>2025-12-05T17:47:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/navian/navian-154-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4153-authenticated-subscriber-limited-arbitrary-file-upload</loc>
<lastmod>2024-09-12T20:50:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-2010-missing-authorization-to-google-api-key-update</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29947-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translatepress-multilingual/translatepress-2102-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-900-missing-authorization-to-authenticated-subscriber-server-side-request-forgery-and-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:19:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-email-tester/lana-email-tester-100-missing-authorization-to-mail-relay-cross-site-request-forgery</loc>
<lastmod>2022-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookify/bookify-appointment-booking-scheduling-for-wordpress-111-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/north-plugin/north-142-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/specia-companion/specia-companion-48-missing-authorization</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uji-countdown/uji-countdown-23-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-edge-lite-image-background-remover/magic-edge-lite-116-authenticated-contributor-stored-cross-site-scripting-via-height-parameter</loc>
<lastmod>2025-08-01T19:37:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weichuncai/weichuncaiwp-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T14:45:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telegram-bot/telegram-bot-channel-41-unauthenticated-stored-cross-site-scripting-via-telegram-username</loc>
<lastmod>2025-11-24T16:29:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-submission/easy-post-submission-170-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-checkout/wp-stripe-checkout-12241-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audioigniter/audioigniter-music-player-202-unauthenticated-insecure-direct-object-reference-to-audioigniter_playlist_id-parameter</loc>
<lastmod>2026-05-21T19:33:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basepress/knowledge-base-documentation-wiki-plugin-basepress-21701-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/causes/causes-donation-plugin-1001-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daggerhart-openid-connect-generic/openid-connect-generic-client-3100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/date-counter/date-counter-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-125-stored-cross-site-scripting</loc>
<lastmod>2018-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-167-unauthenticated-open-redirect</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-401-unauthenticated-price-manipulation-and-insecure-direct-object-reference</loc>
<lastmod>2026-05-12T15:19:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-gmail-login/simple-gmail-login-114-sensitive-information-disclosure</loc>
<lastmod>2012-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/confetti-fall-animation/confetti-fall-animation-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table/pricing-table-152-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-04-05T14:36:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unilevel-mlm-plan/unilevel-mlm-plan-110-reflected-cross-site-scripting-via-page</loc>
<lastmod>2025-01-06T15:43:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-help/seo-help-685-missing-authorization</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-chocolate/dt-chocolate-all-versions-cross-site-scripting</loc>
<lastmod>2014-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taxonomy-terms-order/category-order-and-taxonomy-terms-order-1522-authenticated-php-object-injection</loc>
<lastmod>2018-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdevart-vertical-menu/responsive-vertical-icon-menu-158-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/utilities-for-mtg/utilities-for-mtg-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T19:01:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-simple-powerful-and-easy-url-shortener-plugin-for-wordpress-165-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/hubbub-lite-1360-reflected-cross-site-scripting</loc>
<lastmod>2025-11-05T18:42:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gb-forms-db/gb-forms-db-102-unauthenticated-remote-code-execution</loc>
<lastmod>2025-07-10T18:32:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging/wp-staging-wordpress-backup-plugin-320-sensitive-information-exposure-via-cache-files</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert-premium/moreconvert-pro-1914-authentication-bypass-via-waitlist-guest-verification-token-reuse</loc>
<lastmod>2026-05-04T13:18:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/axle-demo-importer/axle-demo-importer-103-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminonline/adminonline-unspecified-version-directly-traversalarbitrary-file-read</loc>
<lastmod>2014-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/s3-bubble-amazon-s3-html5-video-with-adverts-20-arbitrary-file-download</loc>
<lastmod>2015-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtoffee-product-feed/product-feed-for-woocommerce-228-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsynchro/wp-migration-plugin-db-files-wp-synchro-1112-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tiktok-feed/quadlayers-tiktok-feed-464-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-click-demo-import/catch-themes-demo-import-302-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar/calendar-132-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ink-official/ink-official-412-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-uploader/wp-image-uploader-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-29T23:03:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jsp-store-locator/jsp-store-locator-10-cross-site-request-forgery-to-store-deletion</loc>
<lastmod>2024-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/news-magazine-x/news-magazine-x-1250-missing-authorization</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-embed/maps-plugin-using-google-maps-for-wordpress-wp-google-map-193-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-1412-sql-injection</loc>
<lastmod>2018-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mastercurrency-wp/master-currency-wp-1161-authenticated-contributor-stored-cross-site-scripting-via-currency-converter-form-shortcode</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/basel/basel-591-missing-authorization</loc>
<lastmod>2025-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porto-functionality/porto-theme-functionality-310-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shipdeo-woo/shipdeo-128-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-1231-sql-injection</loc>
<lastmod>2015-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-elements/spider-elements-addons-for-elementor-165-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3238-unauthenticated-brute-force-of-file-master-key</loc>
<lastmod>2022-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-142-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-screen-menu-for-elementor/full-screen-menu-for-elementor-107-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-20T20:18:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-551-missing-authorization-to-authenticated-subscriber-minor-settings-update</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-timed-popup/timed-popup-wordpress-plugin-14-cross-site-request-forgery</loc>
<lastmod>2014-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drop-caps/drop-caps-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xml-sitemaps-for-videos/google-xml-sitemap-for-videos-261-cross-site-request-forgery-via-video_sitemap_generate</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/definitive-addons-for-elementor/definitive-addons-for-elementor-1516-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-click-close-comments/one-click-close-comments-271-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-26T13:12:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3303-improper-authorization-to-unauthenticated-download-of-password-protected-files</loc>
<lastmod>2024-12-18T16:22:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w4-post-list/w4-post-list-244-authenticated-contributor-stored-cross-site-scripting-via-w4plno_items_text</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-316-unauthenticated-sql-injection-via-order_id</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-best-wordpress-poll-plugin-518-missing-authorization-to-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-follow-button-for-jetpack/better-follow-button-for-jetpack-80-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-manager/job-manager-0725-insecure-direct-object-reference</loc>
<lastmod>2015-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-manager/broken-link-manager-065-reflected-cross-site-scripting</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arrow-twitter-feed/arrow-custom-feed-for-twitter-153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-797-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googl-url-shorter/googl-url-shorter-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calderawp-license-manager/calderawp-license-manager-1211-cross-site-request-forgery</loc>
<lastmod>2022-04-12T10:56:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oembed-gist/oembed-gist-491-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-headers/http-headers-11811-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clubmember/clubmember-02-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:51:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-appointment/instant-appointment-12-unauthenticated-sql-injection</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-1/peadigs-google-1-button-012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-sitemap/wp-simple-sitemap-02-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-limit-posts-reloaded/auto-limit-posts-reloaded-25-cross-site-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-1278-authenticated-contributor-path-traversal</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-page-creator/bulk-page-creator-113-cross-site-request-forgery-to-arbitrary-page-creation</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-2711-authenticated-contributor-stored-cross-site-scripting-via-jsontext-block-attribute</loc>
<lastmod>2026-03-21T14:57:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-https-remover/inisev-analyst-module-various-versions-missing-authorization</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/marveland/marveland-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5192-improper-authorization-to-price-change</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-0217-cross-site-request-forgery</loc>
<lastmod>2022-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-combo-36-gutenberg-blocks-2268-information-exposure-via-get_posts-api-endpoint</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmuldap/wpmu-ldap-authentication-501-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobeleon-wpjobboard/jobeleon-theme-191-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-wordpress-gym-management-system-unknown-version-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-6315-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-admin-menu/easy-admin-menu-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ngg-smart-image-search/ngg-smart-image-search-333-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-7513-cross-site-request-forgery-via-action_admin_init</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tribe/tribe-173-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/frontend-content-forms-for-user-submissions-ugc-2815-authenticated-contributor-stored-cross-site-scripting-via-buddyforms_nav-shortcode</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/playerzbr/playerzbr-16-authenticated-contributor-stored-cross-site-scripting-via-url-meta-field</loc>
<lastmod>2025-10-21T20:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/metro/metro-213-reflected-cross-site-scripting</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/norse-runes-oracle/norse-rune-oracle-plugin-142-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-donimedia-carousel/wp-donimedia-carousel-101-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandmagazine/grand-magazine-357-reflected-cross-site-scripting</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/wpbakery-page-builder-addons-by-livemesh-394-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-05-26T17:33:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-for-elementor-90-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-woocommerce-products-slider/gs-products-slider-for-woocommerce-158-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rs-wp-books-showcase/rs-wp-book-showcase-6740-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-2113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-load-next-post/auto-load-next-post-1514-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-votes-in-one-page/multiple-votes-in-one-page-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-faq/arconix-faq-195-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-any-post-type/wp-clone-any-post-type-36-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9150-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21122-authenticated-editor-stored-cross-site-scripting-via-order_mail</loc>
<lastmod>2025-10-21T17:22:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-box-office/woocommerce-box-office-122-missing-authorization</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-327-arbitrary-file-download</loc>
<lastmod>2019-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtranslate/translate-wordpress-with-gtranslate-298-translate-wordpress-google-language-translator-6013-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-recent-posts/visual-recent-posts-123-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar/calendar-138-reflected-cross-site-scripting</loc>
<lastmod>2016-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-popup/jetpopup-2011-missing-authorization</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bus-ticket-booking-with-seat-reservation/bus-ticket-booking-with-seat-reservation-523-reflected-cross-site-scripting</loc>
<lastmod>2023-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-comments-for-wordpress-vuukle/vuukle-comments-reactions-share-bar-revenue-3431-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-67-html-injection</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-pop-up-banners/cm-pop-up-banners-1510-authenticated-subscriber-sql-injection-via-getstatistics</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/synved-shortcodes/wordpress-shortcodes-1636-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/darkmysite/darkmysite-advanced-dark-mode-plugin-for-wordpress-128-cross-site-request-forgery</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-330-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-4920-privilege-escalation</loc>
<lastmod>2019-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-carousel-ultimate/post-grid-slider-carousel-ultimate-with-shortcode-gutenberg-block-elementor-widget-1610-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-dictionary/xili-dictionary-2125-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimate-ads/optimate-ads-103-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child-reports/mainwp-child-reports-207-admin-sql-injection</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radius-blocks/radius-blocks-221-authenticated-contributor-stored-cross-site-scripting-via-subheadingtagname-parameter</loc>
<lastmod>2025-08-14T20:13:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optional-email/optional-email-1311-unauthenticated-privilege-escalation-to-account-takeover</loc>
<lastmod>2026-01-06T19:57:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-wp-writer/ai-wp-writer-3844-cross-site-request-forgery</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-lite-303-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-sql-injection-via-wp_date_query</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-256-cross-site-request-forgery-to-user-earnings-deletion</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-member-subscriptions-2151-unauthenticated-sql-injection</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-155-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-options-changes-via-wp_route</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taxonomy-discounts-woocommerce/taxonomyterm-and-role-based-discounts-for-woocommerce-51-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-422-unauthenticated-option-creation</loc>
<lastmod>2019-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-wp/accordion-26-authenticated-editor-stored-cross-site-scripting-via-accordion-settings</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-doctor-directory/hospital-doctor-directory-139-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shareaholic/shareaholic-978-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3730-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-download-codes/wp-download-codes-254-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-and-operating-system-finder/browser-and-operating-system-finder-12-missing-authorization</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-menu/if-menu-0191-missing-authorization-to-license-key-update</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-3dflick-slideshow/3d-flick-slideshow-22-arbitrary-file-upload</loc>
<lastmod>2012-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7116-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googmonify/googmonify-051-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date-for-woocommerce/order-delivery-date-for-woocommerce-3210-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-slider-for-page-builders/yith-slider-for-page-builders-1011-missing-authorization</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-youtube-importer/auto-youtube-importer-103-cross-site-request-forgery</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-testimonials-and-reviews-widget/social-proof-testimonials-and-reviews-by-repuso-520-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T21:08:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/m1downloadlist/m1downloadlist-019-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgearoo/badgearoo-1014-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-642-ip-spoofing-via-x-forwarded-for-header</loc>
<lastmod>2022-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-shipping-canada-post/woocommerce-canada-post-shipping-283-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-validation-for-gravity-forms/real-time-validation-for-gravity-forms-170-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-link-picker-field/advanced-custom-fields-link-picker-field-128-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-ultimate-template-builder-for-elementor-219-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-22T15:09:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pendulum/pendulum-315-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shift-cv/shiftcv-blog-resume-portfolio-wordpress-theme-3014-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-importer-plus/demo-importer-plus-208-missing-authorization-to-authenticated-subscriber-site-reset-and-privilege-escalation</loc>
<lastmod>2025-12-17T21:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-of-contents/easy-table-of-contents-20452-missing-authorization-via-eztoc_reset_options_to_default</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happyforms/happyforms-1259-reflected-cross-site-scripting</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipe-card-blocks-by-wpzoom/recipe-card-blocks-by-wpzoom-280-reflected-cross-site-scripting</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-1361-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1011-sql-injection</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-453-cross-site-scripting-via-attachment-name-2</loc>
<lastmod>2016-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteimprove/siteimprove-206-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-242-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-11T20:34:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3324-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-355-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2016-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-more/popup-more-popups-232-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-one-page-checkout/woocommerce-one-page-checkout-230-authenticated-contributor-local-file-inclusion-via-woocommerce_one_page_checkout</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-412-cross-site-request-forgery</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fileorganizer/fileorganizer-and-fileorganizer-pro-106-authenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-is-offline-plugin/site-offline-or-coming-soon-166-cross-site-request-forgery-to-settings-update-and-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/massive-dynamic/massive-dynamic-82-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4245-free-and-2276-premium-unauthenticated-stored-cross-site-scripting-via-excerpt-highlights</loc>
<lastmod>2025-05-30T14:49:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-10931-authenticatedcontributor-arbitrary-post-deletion-via-amppb_remove_saved_layout_data</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1364-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-616-insufficient-authorization-via-wpas_can_delete_attachments</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-2127-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-hero/css-hero-403-reflected-cross-site-scripting</loc>
<lastmod>2019-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-2763-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-buttons-creator/simple-buttons-creator-104-unauthenticated-stored-cross-site-scripting-via-add-button</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-custom-url-tracking/exchange-addon-custom-url-tracking-110-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-kit-elementor-addons/news-kit-elementor-addons-121-authenticated-contributor-sensitive-information-exposure-via-canvas-menu-elementor-template</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-pro-241114-unauthenticated-remote-code-execution</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatsome/flatsome-3200-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-09-04T14:54:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bus-ticket-booking-with-seat-reservation/bus-ticket-booking-with-seat-reservation-535-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sola-newsletters/nifty-newsletters-4023-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-constant-contact/gravity-forms-constant-contact-112-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitemap/sitemap-43-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_roknewspager/roknewspager-117-path-disclosure</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generateblocks/generateblocks-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-8613-authenticated-contributor-privilege-esclation</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-icommerce/wp-icommerce-the-first-interactive-ecommerce-for-wordpress-111-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-262-unauthenticated-php-object-injection</loc>
<lastmod>2024-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-product-feed-manager/woocommerce-google-feed-manager-280-missing-authorization-to-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2024-08-22T16:29:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-user-role-editor/wpfront-user-role-editor-320-reflected-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accounting-for-woocommerce/accounting-for-woocommerce-168-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-411-unauthenticated-privilege-escalation</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-wishlist/yith-woocommerce-wishlist-4100-unauthenticated-insecure-direct-object-reference-to-unauthenticated-wishlist-rename</loc>
<lastmod>2025-11-18T14:26:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexi-product-slider-grid/flexi-product-slider-and-grid-for-woocommerce-105-authenticated-contributor-local-file-inclusion-via-theme-shortcode-attribute</loc>
<lastmod>2026-02-13T18:20:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyshift/propertyshift-100-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/current-book/current-book-101-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-432-missing-authorization-to-authenticated-subscriber-subscription-pack-cancellation</loc>
<lastmod>2026-06-08T20:48:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-wordpress-catalog-plugin-5025-cross-site-request-forgery</loc>
<lastmod>2022-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bug-library/bug-library-203-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1023-shortcode-sql-injection</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/konzept/konzept-fullscreen-portfolio-wordpress-theme-24-reflected-cross-site-scripting</loc>
<lastmod>2020-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-300-arbitrary-file-upload</loc>
<lastmod>2015-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1583-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-dashboard/ultimate-dashboard-387-missing-authorization-to-authenticated-subscriber-plugin-modules-activationdeactivation</loc>
<lastmod>2025-03-25T11:05:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-subscription/tagdiv-opt-in-builder-17-authenticated-subscriber-sql-injection-via-subscriptioncouponid-parameter</loc>
<lastmod>2025-04-29T19:47:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collapsing-categories/collapsing-categories-309-authenticated-contributor-sql-injection</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prague-plugins/prague-228-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-professional-1352-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-events-calendar/simple-events-calendar-136-authenticated-admin-sql-injection</loc>
<lastmod>2017-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peer-publish/peer-publish-10-cross-site-request-forgery</loc>
<lastmod>2025-11-24T19:07:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1021-authenticated-author-stored-cross-site-scripting-via-animated-box-animation_effect-setting</loc>
<lastmod>2026-06-30T16:01:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-manager/woocommerce-checkout-manager-730-missing-authorization</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor-pro/piotnet-addons-for-elementor-pro-7170-unauthenticated-arbitrary-file-upload-via-form-file-upload</loc>
<lastmod>2026-05-18T18:28:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yummly-rich-recipes/yummly-rich-recipes-42-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imember360/imember360-39001-missing-authorization-and-sensitive-data-exposure</loc>
<lastmod>2014-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
</urlset>
