Syed Balkhi Syed Balkhi

  1. Vendors
  2. Syed Balkhi

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Syed Balkhi product.

RSS Feeds for Syed Balkhi security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Syed Balkhi products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Syed Balkhi Sorted by Most Security Vulnerabilities since 2018

Syed Balkhi Userfeedback Lite3 vulnerabilities

Syed Balkhi Wpforms Lite3 vulnerabilities

Syed Balkhi All In One Seo Pack2 vulnerabilities

Syed Balkhi Athemes Addons Elementor Lite1 vulnerability

Syed Balkhi Beacon By1 vulnerability

Syed Balkhi Charitable1 vulnerability

Syed Balkhi Custom Facebook Feed1 vulnerability

Syed Balkhi Custom Twitter Feeds1 vulnerability

Syed Balkhi Feeds For Youtube1 vulnerability

Syed Balkhi Google Analytics Dashboard Wp1 vulnerability

Syed Balkhi Rafflepress1 vulnerability

Syed Balkhi Simple Post Expiration1 vulnerability

Syed Balkhi Sugar Calendar Lite1 vulnerability

Syed Balkhi Table Of Contents Plus1 vulnerability

By the Year

In 2026 there have been 6 vulnerabilities in Syed Balkhi with an average score of 5.3 out of ten. Last year, in 2025 Syed Balkhi had 11 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Syed Balkhi in 2026 could surpass last years number. Last year, the average CVE base score was greater by 1.33

Year Vulnerabilities Average Score
2026 6 5.30
2025 11 6.63
2024 3 0.00

It may take a day or so for new Syed Balkhi vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Syed Balkhi Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-39476 Apr 08, 2026
Missing Authorization in User Feedback plugin (<=1.10.1) Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.
Userfeedback Lite
CVE-2026-39475 Apr 08, 2026
WordPress User Feedback Lite <=1.10.1 SQL Injection Vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.1.
Userfeedback Lite
CVE-2026-25339 Mar 25, 2026
Syed Balkhi WPForms wpforms-lite <=1.9.8.7 Sensitive Data Leak Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms: from n/a through <= 1.9.8.7.
Wpforms Lite
CVE-2026-32446 Mar 13, 2026
WPForms Lite <=1.9.9.3 Missing Auth Vulnerability Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3.
Wpforms Lite
CVE-2026-24636 Jan 23, 2026
Missing Auth in Sugar Calendar Lite <=3.10.1 (WP Plugin) Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lite) sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar (Lite): from n/a through <= 3.9.1.
Sugar Calendar Lite
CVE-2020-36919 Jan 13, 2026
WPForms 1.7.8 XSS via ListTable.php slider import/search WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.
CVE-2025-68496 Dec 24, 2025
User Feedback WP Plugin <=1.10.1 Blind SQLi Vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.0.
Userfeedback Lite
CVE-2025-64295 Dec 18, 2025
All In One SEO Pack <=4.8.6.1 Sens Data Sent Exposure Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through <= 4.8.6.1.
All In One Seo Pack
CVE-2025-67950 Dec 16, 2025
All In One SEO Pack <=4.9.1 Blind SQL Injection Vulnerability Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1.
All In One Seo Pack
CVE-2025-64635 Dec 16, 2025
Missing Auth in Feeds-for-YouTube <=2.4.0 (Syed Balkhi) Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0.
Feeds For Youtube
CVE-2025-66064 Nov 21, 2025
CSRF in Giveaways & Contests by RafflePress <=1.12.20 (Wordpress) Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20.
Rafflepress
CVE-2025-49937 Oct 22, 2025
Auth Bypass in Smash Balloon Social Post Feed v4.3.2 (Custom Facebook Feed) Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2.
Custom Facebook Feed
CVE-2025-24637 Apr 17, 2025
Beacon Lead Magnets XSS (Reflected) v<1.5.7 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Beacon Lead Magnets and Lead Capture beacon-by allows Reflected XSS.This issue affects Beacon Lead Magnets and Lead Capture: from n/a through <= 1.5.7.
Beacon By
CVE-2025-31734 Apr 01, 2025
Simple Post Expiration <=1.0.1 DOM-Based XSS (CVE-2025-31734) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Simple Post Expiration simple-post-expiration allows DOM-Based XSS.This issue affects Simple Post Expiration: from n/a through <= 1.0.1.
Simple Post Expiration
CVE-2025-30770 Mar 27, 2025
Charitable <=1.8.4.7 DOM-Based XSS in Syed Balkhi Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable charitable allows DOM-Based XSS.This issue affects Charitable: from n/a through <= 1.8.4.7.
Charitable
CVE-2025-24750 Jan 24, 2025
Unrestricted Access in ExactMetrics < 8.1.0 via Misconfigured ACL Missing Authorization vulnerability in Syed Balkhi ExactMetrics google-analytics-dashboard-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ExactMetrics: from n/a through <= 8.1.0.
Google Analytics Dashboard Wp
CVE-2024-56276 Jan 07, 2025
Missing Auth in WPForms Contact Form v<=1.9.2.2 Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.2.2.
Wpforms Lite
CVE-2024-51675 Nov 09, 2024
aThemes Addons XSS via Elementor Widgets Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite allows DOM-Based XSS.This issue affects aThemes Addons for Elementor: from n/a through <= 1.0.7.
Athemes Addons Elementor Lite
CVE-2024-49685 Oct 31, 2024
CSRF in SmashBalloon Custom Twitter Feeds (Tweets Widget) < 2.2.4 Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Custom Twitter Feeds (Tweets Widget) custom-twitter-feeds allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through <= 2.2.3.
Custom Twitter Feeds
CVE-2024-49250 Oct 20, 2024
Table of Contents Plus CSRF Vulnerability CVE-2024-49250 Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Table of Contents Plus table-of-contents-plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through <= 2408.
Table Of Contents Plus
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.