33 matches found
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...
WordPress City Hostel Theme <= 1.2.3 is vulnerable to Local File Inclusion
Software: City Hostel; Type: Theme; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 3b527ab49278; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Camelia Theme <= 1.2.13 is vulnerable to Local File Inclusion
Software: Camelia; Type: Theme; Vulnerable versions: <= 1.2.13; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 861b50981f0a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Nest Addons versions <= 1.6.3...
WordPress LifePress plugin <= 2.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by l8BL in WordPress Plugin LifePress versions <= 2.1.3...
WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin CF7 WOW Styler versions <= 1.7.2...
WordPress WP Pipes plugin <= 1.4.2 - Arbitrary File Deletion Vulnerability
Arbitrary File Deletion Vulnerability discovered by timomangcut in WordPress Plugin WP Pipes versions <= 1.4.2...
WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by ch4r0n in WordPress Plugin Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light versions <= 2.4.37...
WordPress Solar Energy Theme <= 3.5 is vulnerable to PHP Object Injection
Software: Solar Energy; Type: Theme; Vulnerable versions: <= 3.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-32283; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 835d026bbefc; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - Limited .txt Path Traversal vulnerability
Limited .txt Path Traversal vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Advanced Database Cleaner PRO versions <= 3.2.10...
WordPress Vizeon - Business Consulting Theme <= 1.1.7 is vulnerable to Local File Inclusion
Software: Vizeon - Business Consulting; Type: Theme; Vulnerable versions: <= 1.1.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-31064; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 2f12b007c549; Credits: Tran Nguyen Bao Khanh VCI - VN...
WordPress ITSulu Theme <= 1.4.0 is vulnerable to Local File Inclusion
Software: ITSulu; Type: Theme; Vulnerable versions: <= 1.4.0; Fixed in: 1.5.0; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 809f0c6a06dd; Credits: Bonds; Required privilege: Unauthenticated; Published...
WordPress Wise Chat plugin <= 3.3.3 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability
Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Wise Chat versions <= 3.3.2...
WordPress Mayosis Core plugin <= 5.4.1 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Tonn in WordPress Plugin Mayosis Core versions <= 5.4.1...
WordPress wProject Theme < 5.8.0 is vulnerable to Privilege Escalation
Software: wProject; Type: Theme; Vulnerable versions: < 5.8.0; Fixed in: 5.8.0; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2025-39366; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: dc57f98abe0c; Credits: Dave Jong Patchstack; Required privileg...
WordPress Eazy Plugin Manager plugin <= 4.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Aiden in WordPress Plugin Eazy Plugin Manager versions <= 4.3.0...
WordPress Booking & Appointment Plugin for WooCommerce Plugin <= 6.9.0 is vulnerable to Broken Access Control
Software: Booking & Appointment Plugin for WooCommerce; Type: Plugin; Vulnerable versions: <= 6.9.0; Fixed in: 6.10.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2024-10729; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PS...
WordPress Copymatic – AI Content Writer & Generator Plugin <= 1.6 is vulnerable to Arbitrary File Upload
Software: Copymatic – AI Content Writer & Generator; Type: Plugin; Vulnerable versions: <= 1.6; Fixed in: 1.7; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-31351; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: aae3946a50f0; Credits: Francois Harvey...
WordPress Kognetiks Chatbot for WordPress Plugin <= 2.0.0 is vulnerable to Arbitrary File Upload
Software: Kognetiks Chatbot for WordPress; Type: Plugin; Vulnerable versions: <= 2.0.0; Fixed in: 2.0.1; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-32700; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 4fb22828865e; Credits: LVT-tholv2k; Required...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.78 is vulnerable to Sensitive Data Exposure
Software: Post Grid and Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 2.2.78; Fixed in: 2.2.79; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-32816; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 4274dff100bf; Credits: Peng Zho...