234 matches found
WordPress Youtube Vimeo Video Player and Slider WP Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Youtube Vimeo Video Player and Slider WP Plugin versions = 3.8...
WordPress Premium SEO Pack <= 3.3.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Premium SEO Pack versions = 3.3.2...
WordPress Gallery Widget plugin <= 1.2.1 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin Gallery Widget versions = 1.2.1...
WordPress Contact Us page - Contact people LITE plugin <= 3.7.4 - SQL Injection Vulnerability
WordPress Contact Us page - Contact people LITE plugin = 3.7.4 - SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin Contact Us page - Contact people LITE versions = 3.7.4...
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WP Visitor Statistics Real Time Traffic versions = 7.8...
WordPress Neom Blog Theme <= 0.0.9 is vulnerable to Cross Site Scripting (XSS)
Software Neom Blog Type Theme Vulnerable versions = 0.0.9 Fixed in 0.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-49274 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID da522fea2d13 Credits Le Ngoc Anh Required privilege...
WordPress Fitness Park Theme <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Fitness Park Type Theme Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-50033 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f81317695731 Credits Peter Thaleikis Required privilege Contribut...
WordPress Simen Theme <= 4.6 is vulnerable to Local File Inclusion
Software Simen Type Theme Vulnerable versions = 4.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-29002 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID e7c41e25943d Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Require...
WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Frontend Dashboard versions = 2.2.8...
WordPress WP Multilang plugin <= 2.4.19 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by muhammad yudha in WordPress Plugin WP Multilang versions = 2.4.19...
WordPress Krowd Theme <= 1.4.1 is vulnerable to Local File Inclusion
Software Krowd Type Theme Vulnerable versions = 1.4.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-32595 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 8a5ee19169be Credits Bonds Required privilege Unauthenticated Published 3...
WordPress FLAP - Business WordPress Theme Theme <= 1.5 is vulnerable to PHP Object Injection
Software FLAP - Business WordPress Theme Type Theme Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31396 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7616fcd52be9 Credits Tran Nguyen Bao Khanh VCI -...
CVE-2019-15475
The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onceea/onc:9/PKQ1.181021.001/V10.2.8.0.PFLEUXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=28, versionName=9 that allows unauthorized microphone audio...
CVE-2019-15433
The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed apps t...
WordPress Cost Calculator Builder plugin <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Krugov Artyom in WordPress Plugin Cost Calculator Builder versions = 3.2.74...
WordPress Responsive HTML5 Audio Player PRO With Playlist plugin <= 3.5.7 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Responsive HTML5 Audio Player PRO With Playlist versions = 3.5.7...
WordPress WPGYM plugin < 67.8.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin WPGYM versions 67.8.0...
WordPress Eventer plugin < 3.11.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Anhchangmutrang in WordPress Plugin Eventer versions 3.11.4...
WordPress WC Affiliate plugin <= 2.16 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin WC Affiliate versions = 2.16...
WordPress XT Event Widget for Social Events plugin <= 1.1.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by timomangcut in WordPress Plugin XT Event Widget for Social Events versions = 1.1.7...