24 matches found
CVE-2025-14037
The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. This makes it possible for authenticated...
WordPress Admin Safety Guard plugin <= 1.2.7 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Robert Akhmerov v31dt in WordPress Plugin Admin Safety Guard versions <= 1.2.7...
CVE-2026-28036 WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery. This issue affects Ratatouille: from n/a through <= 1.2.6...
PT-2026-23318
Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery. This issue affects Ratatouille: from n/a through <= 1.2.6...
CVE-2025-69405
Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection. This issue affects Lorem Ipsum | Books & Media Store: from n/a through <= 1.2.11...
CVE-2025-60178
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection. This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6...
PT-2025-52149
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection. This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6...
EUVD-2025-203562
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection. This issue affects Broken Link Checker: from n/a through <= 1.2.6...
CVE-2025-67962 WordPress Broken Link Checker plugin <= 1.2.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection. This issue affects Broken Link Checker: from n/a through <= 1.2.6...
WordPress Broken Link Checker plugin <= 1.2.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by mcdruid in WordPress Plugin Broken Link Checker versions <= 1.2.6...
CVE-2025-57924
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6...
CVE-2025-57924
CVE-2025-57924 is a CSRF vulnerability in the Automattic Developer WordPress plugin, affecting versions up to 1.2.6. The provided data include CVSS 3.1 metrics (3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N with base score 4.3). No exploit details or remediation are provided in the documents.
WordPress FW Anker Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Mika in WordPress Plugin FW Anker versions <= 1.2.6...
CVE-2025-58211
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through <= 1.2.6...
WordPress WP Gravity Forms HubSpot plugin <= 1.2.6 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms HubSpot versions <= 1.2.6...
WordPress Appzend theme <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter vulnerability discovered by Peter Thaleikis in WordPress Theme Appzend versions <= 1.2.6...
CVE-2024-54212
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through <= 1.3.6...
PT-2024-16137 · WordPress · Nioland Theme For Wordpress
Name of the Vulnerable Software and Affected Versions: Nioland theme for WordPress versions up to, and including, 1.2.6 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject...
WordPress Nioland theme <= 1.2.6 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by sav4n in WordPress Theme Nioland versions <= 1.2.6...
WordPress Popularis Extra plugin <= 1.2.6 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Popularis Extra versions <= 1.2.6...