WordPress Studiocart plugin <= 2.9.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WordPress eCommerce Plugin – Studiocart versions = 2.9.0...

WordPress Backup Migration plugin <= 1.4.9 - Information Exposure to Unauthenticated Back-up Download vulnerability

Information Exposure to Unauthenticated Back-up Download vulnerability discovered by ymmfty0 in WordPress Plugin Backup Migration versions = 1.4.9...

WordPress WP Headless CMS Framework plugin <= 1.15 - Unauthenticated Protection Mechanism Bypass vulnerability

Unauthenticated Protection Mechanism Bypass vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Headless CMS Framework versions = 1.15...

WordPress BM Content Builder Plugin < 3.16.3.3 - Arbitrary File Deletion Vulnerability

Arbitrary File Deletion Vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin BM Content Builder versions 3.16.3.3...

WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WpEvently versions = 4.4.8...

WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Zephyr Project Manager versions = 3.3.201...

WordPress Golo Theme <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Golo Type Theme Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-54724 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9a5f34e954ab Credits Bonds Required privilege Unauthenticated...

WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Skalucy in WordPress Plugin e-Boekhouden.nl versions = 1.9.3...

WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability

Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions = 3.2.4...

WordPress FunnelKit Automations plugin <= 3.6.3 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin FunnelKit Automations versions = 3.6.3...

WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution Vulnerability

Arbitrary Code Execution Vulnerability discovered by Ryan Novotny in WordPress Plugin Add Custom Codes versions = 4.80...

WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Eventin versions = 4.0.31...

WordPress Authentication and xmlrpc log writer plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Authentication and xmlrpc log writer versions = 1.2.2...

WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by 63n0 in WordPress Plugin Welcart e-Commerce versions = 2.11.16...

WordPress WP Dynamic Links plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin WP Dynamic Links versions = 1.0.1...

WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WordPress Event Manager, Event Calendar and Booking Plugin versions = 4.0.24...

WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by theviper17 in WordPress Plugin Project Cost Calculator versions = 1.0.0...

WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability

Remote Code Execution RCE Vulnerability discovered by theviper17 in WordPress Plugin Code Engine versions = 0.3.3...

WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ReachShip WooCommerce Multi-Carrier & Conditional Shipping versions = 4.3.1...

WordPress SureForms plugin < 1.7.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions 1.7.2...