228 matches found
WordPress Booster for WooCommerce plugin <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload vulnerability
Unauthenticated Double Extension Arbitrary File Upload vulnerability discovered by luckybuddy in WordPress Plugin Booster for WooCommerce versions = 7.2.4...
WordPress Platform Theme < 1.4.4 is vulnerable to Broken Access Control
Software Platform Type Theme Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2015-10143 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04b827207d59 Credits Marc-Alexandre Montpas Required...
WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 is vulnerable to Path Traversal
Software Pro Bulk Watermark Plugin for WordPress Type Theme Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2025-28973 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID c40f943bba08 Credits Tran Nguyen Bao Khanh VCI -...
WordPress Lasa Theme <= 1.1 is vulnerable to Local File Inclusion
Software Lasa Type Theme Vulnerable versions = 1.1 Fixed in 1.1.1 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49253 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 146f1b55407b Credits Phat RiO - BlueRock Required privilege...
WordPress Mr. Murphy Theme < 1.2.12.1 is vulnerable to PHP Object Injection
Software Mr. Murphy Type Theme Vulnerable versions 1.2.12.1 Fixed in 1.2.12.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49072 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 743adbe763dd Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin DZS Video Gallery versions = 12.39...
WordPress PGS Core plugin <= 5.8.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...
WordPress Mayosis Core plugin <= 5.4.1 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Tonn in WordPress Plugin Mayosis Core versions = 5.4.1...
WordPress Foton Theme <= 2.5.2 is vulnerable to Local File Inclusion
Software Foton Type Theme Vulnerable versions = 2.5.2 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-39458 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID e548d81179ab Credits Bonds Required privilege Unauthenticated Published ...
WordPress Ivy School Theme <= 1.6.0 is vulnerable to Local File Inclusion
Software Ivy School Type Theme Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-39470 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 2982cc652634 Credits Bonds Required privilege Unauthenticated...
WordPress Dessau Theme < 1.9 is vulnerable to Local File Inclusion
Software Dessau Type Theme Vulnerable versions 1.9 Fixed in 1.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-39463 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 0679c8533d71 Credits Bonds Required privilege Unauthenticated Published 17...
WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin TuriTop Booking System versions = 1.0.10...
WordPress Review Stars Count For WooCommerce plugin <= 2.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Aiden Thái An in WordPress Plugin Review Stars Count For WooCommerce versions = 2.0...
WordPress Ultimate Push Notifications plugin <= 1.2.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ultimate Push Notifications versions = 1.2.0...
Ubuntu: Security Advisory (USN-7330-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress RegistrationMagic Plugin <= 6.0.2.6 is vulnerable to Privilege Escalation
Software RegistrationMagic Type Plugin Vulnerable versions = 6.0.2.6 Fixed in 6.0.2.7 OWASP Top 10 A3: Injection Classification Privilege Escalation CVE CVE-2024-10508 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fa83ac6f8527 Credits shaman0x01 Required privilege...
WordPress AppPresser Plugin <= 4.4.6 is vulnerable to Privilege Escalation
Software AppPresser Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-11024 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 25ae1391ba68 Credits shaman0x01...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.44 is vulnerable to Broken Authentication
Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.44 Fixed in 6.45 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10781 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 0bd21f35fe5e...
WordPress Grip Theme <= 1.0.9 is vulnerable to Arbitrary File Upload
Software Grip Type Theme Vulnerable versions = 1.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52488 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID b55cacdb5723 Credits Mika Required privilege Subscriber Published 20...
WordPress Clone Plugin <= 2.4.6 is vulnerable to PHP Object Injection
Software Clone Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10913 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 3676e7fb18ec Credits Webbernaut Required privilege Unauthenticated...