WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 6.4.8 - Authenticated (Author+) SQL Injection vulnerability

Authenticated Author+ SQL Injection vulnerability discovered by Kenneth Billones in WordPress Plugin Filebird versions = 6.4.8...

WordPress Campus Directory plugin <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via noaccessmsg Parameter vulnerability discovered by muhammad yudha in WordPress Plugin Campus Directory versions = 1.9.1...

WordPress All In One Slider Responsive plugin <= 3.7.9 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin All In One Slider Responsive versions = 3.7.9...

WordPress Conference Scheduler plugin <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Conference Scheduler versions = 2.5.1...

WordPress App Builder plugin <= 5.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Hiro Code016Hiro in WordPress Plugin App Builder versions = 5.5.6...

WordPress Fitness Park Theme <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Fitness Park Type Theme Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-50033 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f81317695731 Credits Peter Thaleikis Required privilege Contribut...

WordPress OceanWP Theme <= 4.0.9 is vulnerable to Cross Site Scripting (XSS)

Software OceanWP Type Theme Vulnerable versions = 4.0.9 Fixed in 4.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-5524 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID aa9ebeb90689 Credits Asaf Mozes Required privilege...

WordPress Target Video Easy Publish plugin <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Target Video Easy Publish versions = 3.8.5...

WordPress Master Slider plugin <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via mastersliderpb and msslide Shortcodes vulnerability discovered by muhammad yudha in WordPress Plugin Master Slider versions = 3.10.8...

WordPress Store Locator WordPress plugin <= 1.5.2 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Nguyen Kim Sang in WordPress Plugin Store Locator WordPress versions = 1.5.2...

WordPress Hydra Booking plugin <= 1.1.10 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Hydra Booking versions = 1.1.10...

WordPress WP Social Widget plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WP Social Widget versions = 2.3...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.23 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.23...

WordPress Campus Directory plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Campus Directory versions = 1.9.0...

WordPress TablePress plugin <= 3.1.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Parameters vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via Multiple Parameters vulnerability discovered by Asaf Mozes in WordPress Plugin TablePress versions = 3.1.2...

WordPress Hot Random Image plugin <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via link Parameter vulnerability discovered by Kishan Vyas in WordPress Plugin Hot Random Image versions = 1.9.2...

WordPress Import Social Events plugin <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Import Social Events versions = 1.8.5...

WordPress Z-Downloads plugin < 1.11.6 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Minh Giang & Christopher Houk in WordPress Plugin Z-Downloads versions 1.11.6...

WordPress JavaScript Logic plugin <= 0.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Daniel Ruf in WordPress Plugin JavaScript Logic versions = 0.1...

WordPress Simple Lightbox plugin < 2.9.4 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Simple Lightbox versions 2.9.4...