WordPress Inset Theme <= 1.18.0 is vulnerable to Local File Inclusion

Software Inset Type Theme Vulnerable versions = 1.18.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 2b36ab61c62f Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Membership For WooCommerce versions = 2.8.0...

WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Testimonial Slider versions = 2.0.13...

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 4.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bc2c8b0bae5b Credits Peter...

WordPress Analytify Plugin <= 5.2.3 is vulnerable to Broken Access Control

Software Analytify Type Plugin Vulnerable versions = 5.2.3 Fixed in 5.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1809 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ab2e692a810a Credits Lucio Sá Required privilege Subscrib...

WordPress Duplicate Post Plugin <= 1.4.4 is vulnerable to Broken Access Control

Software Duplicate Post Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31435 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f8977e93ea85 Credits Dhabaleshwar Das Required...

WordPress Themify Event Post Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Themify Event Post Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30440 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9d185b777884 Credits Dhabaleshwar Das Required privilege...

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...

WordPress Mediabay Plugin <= 1.6 is vulnerable to Broken Access Control

Software Mediabay Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46612 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 01f288807115 Credits emad Required privilege Subscriber...

WordPress Email Subscribers & Newsletters Plugin <= 5.6.23 is vulnerable to Path Traversal

Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.6.23 Fixed in 5.6.24 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5414 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID a55da7ad2e82 Credits Marco Wotschka Required privile...