WordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Watcher for Elementor versions = 1.0.9...

WordPress Better Find and Replace plugin <= 1.7.7 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Adrian Lukita in WordPress Plugin Better Find and Replace versions = 1.7.7...

WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Legion Hunter in WordPress Plugin Payrexx Payment Gateway for WooCommerce versions = 3.1.5...

WordPress Spacious Theme <= 1.9.11 is vulnerable to Broken Access Control

Software Spacious Type Theme Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-9331 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bca30fd3c674 Credits Dmitrii Ignatyev Required privilege...

WordPress Pet World Theme <= 2.8 is vulnerable to PHP Object Injection

Software Pet World Type Theme Vulnerable versions = 2.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-32284 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID e46bfa7f1a9a Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Sailthru Triggermail plugin < 1.1 - Subscriber+ Stored XSS vulnerability

Subscriber+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions 1.1...

WordPress Target Video Easy Publish plugin <= 3.8.9 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Target Video Easy Publish versions = 3.8.9...

WordPress AdMail plugin <= 1.7.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin AdMail – Multilingual Back in-Stock Notifier for WooCommerce versions = 1.7.0...

WordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Aiden in WordPress Plugin TextMe SMS versions = 1.9.1...

WordPress FPW Category Thumbnails Plugin <= 1.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin FPW Category Thumbnails versions = 1.9.5...

WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control

Software Simple Local Avatars Type Plugin Vulnerable versions = 2.7.11 Fixed in 2.8.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10786 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 717b24faeea4 Credits Trương Hữu Phúc...

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...

WordPress Styler for Ninja Forms Plugin <= 3.3.4 is vulnerable to Settings Change

Software Styler for Ninja Forms Type Plugin Vulnerable versions = 3.3.4 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2024-10717 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 2b68f06a005e Credits...

WordPress MPG Plugin <= 4.0.1 is vulnerable to Broken Access Control

Software MPG Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7424 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 61dc998feee8 Credits Rafshanzani Suhada Required privilege...

WordPress FileOrganizer Plugin <= 1.0.9 is vulnerable to Arbitrary File Upload

Software FileOrganizer Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7985 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9a28a4363098 Credits TANG Cheuk Hei siunam Required privilege...

WordPress SW Contact Form Plugin <= 1.0 is vulnerable to SQL Injection

Software SW Contact Form Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49612 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 50cfc368b184 Credits João Pedro S Alcântara Kinorth Required privilege...

WordPress Royal Elementor Addons Plugin <= 1.3.986 is vulnerable to Sensitive Data Exposure

Software Royal Elementor Addons Type Plugin Vulnerable versions = 1.3.986 Fixed in 1.3.987 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-7417 Patch priority Low CVSS severity Low 4.3 Developer WProyal PSID 4060f71c187f Credits stealthcopter Required...

WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download

Software Hello World Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...

WordPress Email Subscribers & Newsletters Plugin <= 5.7.34 is vulnerable to Broken Access Control

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.34 Fixed in 5.7.35 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8771 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d3427c89899f Credits Michelle...

WordPress MStore API Plugin <= 4.15.3 is vulnerable to Arbitrary File Upload

Software MStore API Type Plugin Vulnerable versions = 4.15.3 Fixed in 4.15.4 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-8242 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5f5d39cca07a Credits stealthcopter Required privilege...