WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Gmail SMTP versions = 1.2.3.19...

WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Hester Core versions = 1.1.8...

WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ghost Kit versions = 3.6.0...

WordPress WCBoost &#8211; Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WCBoost Products Compare versions = 1.1.0...

WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin GetPaid versions = 2.8.49...

WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Templately versions = 3.6.1...

WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ave Core versions = 2.9.1...

WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions = 7.6.3...

WordPress Listify plugin <= 3.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Listify versions = 3.2.5...

WordPress pixfort Core plugin <= 3.2.22 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin pixfort Core versions = 3.2.22...

WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme UDesign versions = 4.14.0...

WordPress Sober theme <= 3.5.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Sober versions = 3.5.12...

WordPress JNews - Pay Writer plugin <= 11.0.0 - Local File Inclusion vulnerability

WordPress JNews - Pay Writer plugin = 11.0.0 - Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin JNews - Pay Writer versions = 11.0.0...

WordPress REHub Framework plugin <= 19.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin REHub Framework versions = 19.9.5...

WordPress Stumble! for WordPress plugin <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Stumble! for WordPress versions = 1.1.1...

WordPress NS IE Compatibility Fixer plugin <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin NS Ie Compatibility Fixer versions = 2.1.5...

WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Woffice Core versions = 5.4.30...

WordPress Woffice theme <= 5.4.30 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Woffice versions = 5.4.30...

WordPress Photography theme < 7.7.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Photography versions 7.7.5...

WordPress Vireo theme <= 1.0.24 - Broken Access Control vulnerability

Software : Vireo Type : Theme Vulnerable versions : = 1.0.24 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-62751 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID : 110abd56a0bb Credit...