24 matches found
WordPress KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Theme <= 4.21.0 is vulnerable to Local File Inclusion
Software KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Type Theme Vulnerable versions <= 4.21.0 Fixed in 4.22.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2025-6991 Patch priority Low CVSS severity Low 7.5 Developer EPC PSID 34bd1e68ee25 Credits stealthcopt...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software Photography Type Theme Vulnerable versions <= 7.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-47579 Patch priority High CVSS severity High 9 Developer EPC PSID f3488f35689e Credits Rafie Muhammad Patchstack Required privilege Unauthenticated...
WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability
WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Motors - Events versions <= 1.4.7...
WordPress WooCommerce Ultimate Gift Card plugin <= 2.9.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin WooCommerce Ultimate Gift Card versions <= 2.9.6...
WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Seb in WordPress Plugin WooCommerce Photo Reviews versions <= 1.3.13...
WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions <= 3.4.7...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software Photography Type Theme Vulnerable versions <= 7.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE N/A Patch priority High CVSS severity High 8.5 Developer EPC PSID 070158f14a77 Credits Rafie Muhammad Patchstack Required privilege Subscriber Published 22...
WordPress Blog Designer PRO plugin <= 3.4.7 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability
Unauthenticated Non-Arbitrary Local File Inclusion vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions <= 3.4.7...
WordPress Kleo Theme < 5.4.4 is vulnerable to Broken Access Control
Software Kleo Type Theme Vulnerable versions < 5.4.4 Fixed in 5.4.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39367 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 7bef03870816 Credits Ananda Dhakal Patchstack Required privilege...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...
WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Car Park Booking System for WordPress versions <= 2.6...
WordPress JNews Theme <= 11.6.5 is vulnerable to Broken Access Control
Software JNews Type Theme Vulnerable versions <= 11.6.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39373 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 775c2569b9cb Credits Ananda Dhakal Patchstack Required privilege...
WordPress Revy plugin <= 2.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Revy versions <= 2.1...
WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Hospital Management System versions <= 47.0(20-11-2023)...
WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Grand Restaurant WordPress Type Theme Vulnerable versions <= 7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2025-39351 Patch priority Low CVSS severity Low 4.3 Developer EPC PSID 9bd944eaa16b Credits Ananda Dhakal Patchstack...
WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to Broken Access Control
Software Grand Restaurant WordPress Type Theme Vulnerable versions <= 7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39353 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID ef329deabf36 Credits Ananda Dhakal Patchstack Required...
WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WPAMS versions <= 44.0 (17-08-2023)...
WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin WordPress Video Robot - The Ultimate Video Importer versions <= 1.20.0...