140 matches found
WordPress iNext Woo Pincode Checker plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin iNext Woo Pincode Checker versions <= 2.3.1...
WordPress WPKoi Templates for Elementor plugin <= 3.4.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WPKoi Templates for Elementor versions <= 3.4.4...
WordPress Accessiy By CodeConfig Accessibility plugin <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CodeConfig Accessibility versions <= 1.0.0...
WordPress List Attachments Shortcode plugin <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin List Attachments Shortcode versions <= 0.4.1a...
WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra in WordPress Plugin Envo Extra versions <= 1.9.11...
WordPress Voidek Employee Portal plugin <= 1.0.6 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Voidek Employee Portal versions <= 1.0.6...
WordPress Upload.am plugin < 1.0.1 - Contributor+ Arbitrary Option Disclosure vulnerability
Contributor+ Arbitrary Option Disclosure vulnerability discovered by Beatriz Fresno Naumova beafn28 in WordPress Plugin Upload.am versions < 1.0.1...
WordPress Arconix Shortcodes plugin <= 2.1.19 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rooting in WordPress Plugin Arconix Shortcodes versions <= 2.1.19...
WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin FluentCommunity versions <= 2.0.0...
WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Gutenverse versions <= 3.2.1...
WordPress Live Photos on WordPress plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Live Photos on WordPress versions <= 0.1...
WordPress Check Plagiarism plugin <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Check Plagiarism versions <= 2.0...
WordPress Library Management System plugin <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Manipulation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Library Management System versions <= 3.1...
WordPress All In One Login plugin <= 2.0.8 - Bypass Vulnerability vulnerability
Bypass Vulnerability vulnerability discovered by R1sky in WordPress Plugin All In One Login versions <= 2.0.8...
WordPress Easy Pricing Table WP Plugin <= 1.1.3 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin Easy Pricing Table WP versions <= 1.1.3...
WordPress Penci Filter Everything Plugin < 1.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Filter Everything versions < 1.7...
WordPress ELEX WooCommerce Google Shopping (Google Product Feed) plugin <= 1.4.3 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by dutafi in WordPress Plugin ELEX WooCommerce Google Shopping versions <= 1.4.3...
WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Bao BlueRock in WordPress Plugin Site Info versions <= 1.1...
WordPress Shk Corporate Theme <= 2.4.1.1 is vulnerable to Broken Access Control
Software: Shk Corporate; Type: Theme; Vulnerable versions: <= 2.4.1.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-58824; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 45c7c66747ba; Credits: Martino Spagnuolo r3verii; Requir...
WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions <= 5.7.46...