13 matches found
WordPress Brevo for WooCommerce plugin <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shark3y in WordPress Plugin Sendinblue for WooCommerce versions <= 4.0.49...
WordPress AI Feeds plugin <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin AI Feeds versions <= 1.0.22...
WordPress AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin <= 1.6.5 - Unauthenticated CSV Injection vulnerability
Unauthenticated CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AI Chatbot Free Models versions <= 1.6.5...
WordPress Proof Factor – Social Proof Notifications Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Vinit Lakra in WordPress Plugin Proof Factor – Social Proof Notifications versions <= 1.0.5...
WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Nest Addons versions <= 1.6.3...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software: Photography; Type: Theme; Vulnerable versions: <= 7.5.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-47579; Patch priority: High; CVSS severity: High 9; Developer: EPC; PSID: f3488f35689e; Credits: Rafie Muhammad Patchstack; Required privilege: Unauthenticated...
WordPress Xpro Elementor Addons - Pro plugin <= 1.4.9 - Authenticated (Contributor+) Remote Code Execution vulnerability
WordPress Xpro Elementor Addons - Pro plugin <= 1.4.9 - Authenticated (Contributor+) Remote Code Execution vulnerability discovered by stealthcopter in WordPress Plugin Xpro Elementor Addons - Pro versions <= 1.4.9...
WordPress Modal Survey plugin <= 2.0.2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Modal Survey versions <= 2.0.2.0.1...
WordPress KiotViet Sync Plugin <= 1.8.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Le Ngoc Anh in WordPress Plugin KiotViet Sync versions <= 1.8.4...
WordPress FAT Cooming Soon plugin <= 1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin FAT Cooming Soon versions <= 1.1...
WordPress WP Edit Username Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Edit Username; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47527; Patch priority: Low; CVSS severity: Low 5.9; PSID: 3874545cb784; Credits: Jeongwoo-LeeRoronoa; Required privileg...
WordPress Cosmetsy Core Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Cosmetsy Core; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49839; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 77a58ba376e1; Credits: RE-ALTER; Required privilege...
WordPress WordPress Auto SEO Plugin – Upfiv SEO Wizard Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Auto SEO Plugin – Upfiv SEO Wizard; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 2a56c1fca648; Credits: Rafie...