65 matches found
WordPress Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content vulnerability discovered by fallenofalbaz in WordPress Plugin Email Customizer for WooCommerce versions <= 2.6.7...
WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BuddyPress Activity Shortcode versions <= 1.1.8...
WordPress SensitiveTagCloud plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Skalucy in WordPress Plugin SensitiveTagCloud versions <= 1.4.1...
WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin FluentCommunity versions <= 2.0.0...
WordPress Contest Gallery plugin <= 28.0.2 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by type5afe in WordPress Plugin Contest Gallery versions <= 28.0.2...
WordPress Gallery Plugin for WordPress – Envira Photo Gallery plugin <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions vulnerability
Missing Authorization to Authenticated (Author+) Multiple Gallery Actions vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Envira Photo Gallery versions <= 1.12.0...
WordPress Comment Edit Core – Simple Comment Editing plugin <= 3.1.0 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Powpy in WordPress Plugin Comment Edit Core – Simple Comment Editing versions <= 3.1.0...
WordPress WP-Iconics plugin <= 0.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin WP-Iconics versions <= 0.0.4...
WordPress Ad Inserter plugin <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ad Inserter versions <= 2.8.7...
WordPress FunnelKit Automations plugin <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability discovered by Rafshanzani Suhada in WordPress Plugin FunnelKit Automations versions <= 3.6.4.1...
Drupal Features Module <= 0.0.2 is vulnerable to Broken Access Control
Software: Features; Type: Module; Vulnerable versions: <= 0.0.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-12582; Patch priority: Low; CVSS severity: Low (4.3); PSID: 2b7c0646055d; Credits: Nabil Irawan - Heroes Cyber Security...
WordPress Import Export For WooCommerce plugin <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Import Export For WooCommerce versions <= 1.6.2...
WordPress Associados Amazon plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Associados Amazon versions <= 0.8...
WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin K Elements versions < 5.5.0...
WordPress Password Policy Manager plugin <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out vulnerability
Missing Authorization to Authenticated (Subscriber+) Configuration Log Out vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Password Policy Manager versions <= 2.0.5...
WordPress Originality.ai AI Checker plugin <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via 'ai_scan_result_remove' vulnerability
Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via 'ai_scan_result_remove' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Originality.ai AI Checker versions <= 1.0.12...
WordPress Responsive Progress Bar plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Responsive Progress Bar versions <= 1.0...
WordPress Theme Importer plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Theme Importer versions <= 1.0...
WordPress WidgetPack Comment System plugin <= 1.6.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin WidgetPack Comment System versions <= 1.6.1...
WordPress Majestic Before After Image plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Majestic Before After Image versions <= 2.0.2...