WordPress Smart Maintenance Mode plugin <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Dogus Demirkiran in WordPress Plugin Smart Maintenance Mode versions = 1.5.1...

WordPress Revy plugin <= 2.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Revy versions = 2.1...

WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions = 47.020-11-2023...

WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to Broken Access Control

Software Grand Restaurant WordPress Type Theme Vulnerable versions = 7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39353 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID ef329deabf36 Credits Ananda Dhakal Patchstack Required...

Personal Management System 安全漏洞

Personal Management System is a web application for managing personal data by Dariusz Personal Developer. A security vulnerability exists in Personal Management System version 1.4.65, which stems from vulnerability to cross-site request forgery attacks that could lead to the execution of arbitrar...

WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Grand Restaurant WordPress Type Theme Vulnerable versions = 7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2025-39351 Patch priority Low CVSS severity Low 4.3 Developer EPC PSID 9bd944eaa16b Credits Ananda Dhakal Patchstack...

WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WPAMS versions = 44.0 17-08-2023...

WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress WordPress Video Robot - The Ultimate Video Importer plugin = 1.20.0 - Reflected Cross Site Scripting XSS vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin WordPress Video Robot - The Ultimate Video Importer versions = 1.20.0...

WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability

WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin = 1.7.8 - PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Smart Sections Theme Builder - WPBakery Page Builder Addon versions = 1.7.8...

WordPress JetElements For Elementor plugin <= 2.7.4.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin JetElements For Elementor versions = 2.7.4.1...

WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin JetElements For Elementor versions = 2.7.4.1...

WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Name Directory versions = 1.30.0...

WordPress Modal Survey plugin <= 2.0.2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Modal Survey versions = 2.0.2.0.1...

WordPress Ultimate Member plugin <= 2.10.1 - Unauthenticated Blind SQL Injection vulnerability

Unauthenticated Blind SQL Injection vulnerability discovered by Muhamad Visat in WordPress Plugin Ultimate Member versions = 2.10.1...

WordPress Modal Survey plugin <= 2.0.2.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Modal Survey versions = 2.0.2.0.1...

WordPress Html5 Audio Player plugin <= 2.2.28 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Html5 Audio Player versions = 2.2.28...

WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin MelaPress Login Security versions = 2.1.0...

WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin PropertyHive versions = 2.1.2...

WordPress Responsive Blocks plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Responsive Blocks versions = 2.0.2...

WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Membership For WooCommerce versions = 2.8.0...