WordPress Justicia theme <= 1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Justicia versions = 1.2...

WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Celeste versions = 1.3.6...

WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Aruba HiSpeed Cache versions = 3.0.4...

WordPress Advanced Ads - Ad Manager & AdSense plugin <= 2.0.15 - Authenticated (Admin+) SQL Injection vulnerability

WordPress Advanced Ads - Ad Manager & AdSense plugin = 2.0.15 - Authenticated Admin+ SQL Injection vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Advanced Ads versions = 2.0.15...

WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Struktur versions = 2.5.1...

WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Salient Shortcodes versions = 1.5.4...

WordPress AdForest theme <= 6.0.9 - Authentication Bypass to Admin vulnerability

Authentication Bypass to Admin vulnerability discovered by Tonn in WordPress Theme AdForest versions = 6.0.9...

WordPress WP JobHunt plugin <= 7.1 - Authentication Bypass to Candidate vulnerability

Authentication Bypass to Candidate vulnerability discovered by Tonn in WordPress Plugin WP JobHunt versions = 7.1...

WordPress jupdf pdf viewer plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Image Switcher versions = 0.1.1...

WordPress WP Meetup plugin <= 2.3.0 - Settings Change vulnerability

Settings Change vulnerability discovered by Mika in WordPress Plugin WP Meetup versions = 2.3.0...

WordPress WP SecureSubmit plugin <= 1.5.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin WP SecureSubmit versions = 1.5.20...

WordPress NACC WordPress Plugin plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin NACC WordPress Plugin versions = 4.1.0...

WordPress Better WP Login Page plugin <= 1.1.2 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by l8BL Patchstack Alliance in WordPress Plugin Better WP Login Page versions = 1.1.2...

WordPress PostBox plugin <= 1.0.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin PostBox versions = 1.0.4...

WordPress Magical Addons For Elementor plugin <= 1.2.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Magical Addons For Elementor versions = 1.2.1...

WordPress Coub plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Coub versions = 1.4...

WordPress EU/UK VAT Manager for WooCommerce plugin <= 2.12.12 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Francesco Carlucci in WordPress Plugin EU/UK VAT Manager for WooCommerce versions = 2.12.12...

WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hnwmn Patchstack Alliance in WordPress Plugin WP Testimonial Widget versions = 3.1...

WordPress SociallyViral theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme SociallyViral versions = 1.0.10...

dahaboo.com Cross Site Scripting vulnerability OBB-3930457

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...