WordPress Stumble! for WordPress plugin <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Stumble! for WordPress versions = 1.1.1...

WordPress Vireo theme <= 1.0.24 - Broken Access Control vulnerability

Software : Vireo Type : Theme Vulnerable versions : = 1.0.24 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-62751 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID : 110abd56a0bb Credit...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.15...

WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions = 1.0.0...

WordPress OpenID Connect Generic Client plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin OpenID Connect Generic Client versions = 3.10.0...

WordPress Simple Theme Changer plugin <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability

Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

WordPress CSV to SortTable plugin <= 4.2 - Contributor+ LFI vulnerability

Contributor+ LFI vulnerability discovered by Ivan Cese in WordPress Plugin CSV to SortTable versions = 4.2...