The Woocommerce plugin has a vulnerability that makes it possible for authenticated users with contributor level and above to access products classified as private, draft or trashed....
The Avada theme, Website Builder for WordPress & WooCommerce, is vulnerable to exposure of sensitive information in versions up to and including 7.11.5 through the form entry page....
The Elementor Website Builder plugin, much more than just a Page Builder for WordPress, is vulnerable to arbitrary file deletions and PHAR deserialization in versions up to and including 3.19.0....