WordPress Premium SEO Pack <= 3.3.2 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Premium SEO Pack versions = 3.3.2...

WordPress Gallery Widget plugin <= 1.2.1 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin Gallery Widget versions = 1.2.1...

WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WP Visitor Statistics Real Time Traffic versions = 7.8...

WordPress Simen Theme <= 4.6 is vulnerable to Local File Inclusion

Software Simen Type Theme Vulnerable versions = 4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-29002 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID e7c41e25943d Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Require...

WordPress WP Multilang plugin <= 2.4.19 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by muhammad yudha in WordPress Plugin WP Multilang versions = 2.4.19...

WordPress Krowd Theme <= 1.4.1 is vulnerable to Local File Inclusion

Software Krowd Type Theme Vulnerable versions = 1.4.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-32595 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 8a5ee19169be Credits Bonds Required privilege Unauthenticated Published 3...

WordPress Responsive HTML5 Audio Player PRO With Playlist plugin <= 3.5.7 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Responsive HTML5 Audio Player PRO With Playlist versions = 3.5.7...

WordPress Eventer plugin < 3.11.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Anhchangmutrang in WordPress Plugin Eventer versions 3.11.4...

WordPress WC Affiliate plugin <= 2.16 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin WC Affiliate versions = 2.16...

WordPress XT Event Widget for Social Events plugin <= 1.1.7 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by timomangcut in WordPress Plugin XT Event Widget for Social Events versions = 1.1.7...

WordPress WP Editor plugin <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read vulnerability

Authenticated Administrator+ Directory Traversal to Arbitrary File Read vulnerability discovered by nquangit in WordPress Plugin WP Editor versions = 1.2.9.1...

WordPress WP Editor plugin <= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update vulnerability

Authenticated Administrator+ Directory Traversal to Arbitrary File Update vulnerability discovered by nquangit in WordPress Plugin WP Editor versions = 1.2.9.1...

WordPress Cost Calculator Builder plugin <= 3.2.65 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Cost Calculator Builder versions = 3.2.65...

WordPress Author WIP Progress Bar plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Author WIP Progress Bar versions = 1.0...

WordPress BMA Lite plugin <= 1.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Pham Van Phuoc - VNPT Cyber Immunity in WordPress Plugin BMA Lite versions = 1.4.2...

WordPress Grip Theme <= 1.0.9 is vulnerable to Local File Inclusion

Software Grip Type Theme Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26735 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b5e4d6f7b083 Credits tahu.datar Required privilege Unauthenticated Publishe...

WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by theviper17 in WordPress Plugin Solace Extra versions = 1.3.1...

WordPress Verowa Connect plugin <= 3.0.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Verowa Connect versions = 3.0.5...

WordPress YaMaps for WordPress plugin <= 0.6.40 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin YaMaps for WordPress versions = 0.6.40...

WordPress Beds24 Online Booking plugin <= 2.0.28 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Beds24 Online Booking versions = 2.0.28...