4319 matches found
PT-2025-1819 · WordPress · Wp Database Backup
Name of the Vulnerable Software and Affected Versions: WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress versions up to, and including, 7.3 Description: The issue allows unauthenticated attackers to extract sensitive data, including all information store...
PT-2025-4446 · Unknown · Cf7Save Extension
Name of the Vulnerable Software and Affected Versions: Cf7Save Extension versions prior to 1 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-Site Scripting (XSS). This enables attackers to inject malicious scripts into w...
PT-2025-2663 · Iocharger · Iocharger
Name of the Vulnerable Software and Affected Versions: Iocharger firmware for AC models versions prior to 24120701 Description: The issue allows attackers to upload arbitrary files to /tmp/upload/ or /tmp/ as any user, although the file upload interface is only visible to the iocadmin user. The...
PT-2025-2803 · Unknown · Neat Board Nfc
Name of the Vulnerable Software and Affected Versions: Neat Board NFC version 1.20240620.0015 Description: A Buffer Overflow issue exists, allowing physically proximate attackers to escalate privileges via a crafted payload to the password field. This enables local privilege escalation...
PT-2025-3733 · WordPress · Piotnet Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor plugin for WordPress versions up to, and including, 2.4.31 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Heading widget due to insufficient input sanitization and output escapin...
PT-2025-4375 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.8 Description: A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the "configuracao geral.php" endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...
PT-2025-2677 · Unknown · Aims Ecrew
Name of the Vulnerable Software and Affected Versions: AIMS eCrew versions prior to JUN23 190 Description: Multiple functions in AIMS eCrew are vulnerable to Authorization Bypass. The issue was fixed in version JUN23 190. Recommendations: For versions prior to JUN23 190, update to version JUN23 1...
PT-2025-4419 · WordPress · Wp Visitor Statistics
Name of the Vulnerable Software and Affected Versions: WP Visitor Statistics Real Time Traffic versions n/a through 7.3 Description: The issue is related to a missing authorization vulnerability in WP Visitor Statistics Real Time Traffic, which allows exploitation of incorrectly configured access...
PT-2025-3242 · Tips Tricks Hq · Compact Wp Audio Player
Name of the Vulnerable Software and Affected Versions: Tips and Tricks HQ Compact WP Audio Player versions 1.9.14 and earlier Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially trick the server...
PT-2025-4464 · Unknown · Wpindeed Ultimate Learning Pro
Name of the Vulnerable Software and Affected Versions: WpIndeed Ultimate Learning Pro versions prior to 3.9 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...
PT-2025-1767 · Google · Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress versions up to, and including, 3.1 Description: The issue is related to the public accessibility of the print php information.php file, which allows...
PT-2025-4529 · Unknown · Ofek Nakar Virtual Bot
Name of the Vulnerable Software and Affected Versions: Ofek Nakar Virtual Bot versions n/a through 1.0.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge,...
PT-2025-3239 · Unknown · Wpforms Contact Form
Name of the Vulnerable Software and Affected Versions: WPForms Contact Form versions 1.9.2.2 and earlier Description: The issue is related to a missing authorization vulnerability in the WPForms Contact Form, which allows the exploitation of incorrectly configured access control security levels...
PT-2025-1690 · WordPress · Sell Media
Name of the Vulnerable Software and Affected Versions: Sell Media plugin for WordPress versions up to and including 2.5.8.5 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the sell media...
PT-2025-1855 · WordPress · Chat Support For Viber
Name of the Vulnerable Software and Affected Versions: Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'vchat'...
PT-2025-2743 · Elspec Engineering · Elspec Engineering G5 Digital Fault Recorder Firmware
Name of the Vulnerable Software and Affected Versions: Elspec Engineering G5 Digital Fault Recorder Firmware version 1.2.1.12 Description: The issue is related to an XML External Entity (XXE) vulnerability, which allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. This...
PT-2025-4420 · WordPress · Hero Banner Ultimate
Name of the Vulnerable Software and Affected Versions: Hero Banner Ultimate versions 1.4.2 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability, in WP OnlineSupport,...
PT-2025-4546 · Unknown · Smoothness Slider Shortcode
Name of the Vulnerable Software and Affected Versions: Smoothness Slider Shortcode versions n/a through v1.2.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended...
PT-2025-2880 · Adportal · Adportal
Name of the Vulnerable Software and Affected Versions: AdPortal version 3.0.39 Description: A remote attacker can execute arbitrary code via the file upload functionality due to a File Upload Bypass issue. This allows attackers to bypass file upload checks and run arbitrary code. Recommendations:...
PT-2025-1860 · Gpt4 +5 · Gpt4 +5
Name of the Vulnerable Software and Affected Versions: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to a missing capability check and file type validatio...