WordPress GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin <= 2.8.97 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin GeoDirectory versions = 2.8.97...

WordPress Alone Theme <= 7.8.2 is vulnerable to Arbitrary Code Execution

Software Alone Type Theme Vulnerable versions = 7.8.2 Fixed in 7.8.5 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2025-52718 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 95e1c49b307c Credits Trương Hữu Phúc truonghuuphuc Required privileg...

WordPress Ruizarch Theme <= 1.1.0 is vulnerable to Local File Inclusion

Software Ruizarch Type Theme Vulnerable versions = 1.1.0 Fixed in 1.2.0 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID a39d5d2adb6a Credits Bonds Required privilege Unauthenticated Publish...

WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Denver Jackson Patchstack Alliance in WordPress Plugin OttoKit versions = 1.0.82...

WordPress Vehica Core plugin <= 1.0.97 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Vehica Core versions = 1.0.97...