WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions = 5.7.46...

WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...

WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Classified Listing versions = 5.0.6...

WordPress Ogulo – 360° Tour plugin <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via slug Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Ogulo – 360° Tour versions = 1.0.11...

WordPress Spacious Theme <= 1.9.11 is vulnerable to Broken Access Control

Software Spacious Type Theme Vulnerable versions = 1.9.11 Fixed in 1.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-9331 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bca30fd3c674 Credits Dmitrii Ignatyev Required privilege...

WordPress Templately Plugin <= 3.2.7 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by ch4r0n Patchstack Alliance in WordPress Plugin Templately versions = 3.2.7...

WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Admin Menu Groups versions = 0.1.2...

WordPress Terms of Service & Privacy Policy Generator plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Terms of Service & Privacy Policy Generator versions = 1.0...

WordPress elink – Embed Content plugin <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation vulnerability

Authenticated Contributor+ Insufficient Input Validation vulnerability discovered by Shreyas Malhotra shreyas-malhotra in WordPress Plugin elink Embed Content versions = 1.1.0...

WordPress BizCalendar Web plugin <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by muhammad yudha in WordPress Plugin bizcalendar-web versions = 1.1.0.53...

WordPress Graphina plugin <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Graphina versions = 3.1.3...

WordPress 12 Step Meeting List Plugin <= 3.18.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin 12 Step Meeting List versions = 3.18.3...

WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Bao BlueRock in WordPress Plugin CM On Demand Search And Replace versions = 1.5.2...

WordPress JetElements For Elementor Plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetElements For Elementor versions = 2.7.9...

WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by TAKERU OTSUKA Patchstack Alliance in WordPress Plugin Simple Poll versions = 1.1.1...

WordPress Kalium Theme <= 3.18.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Kalium Type Theme Vulnerable versions = 3.18.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2025-53347 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 959fedc4e441 Credits Ananda Dhakal Patchstack...

WordPress WP Easy Poll Plugin <= 2.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Easy Poll versions = 2.2.9...

WordPress StreamWeasels YouTube Integration Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS)

Software StreamWeasels YouTube Integration Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11788 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bbd6037644c5 Credits...

WordPress Theme Builder For Elementor Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software Theme Builder For Elementor Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10782 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 266b574a3c97...

WordPress Save as PDF plugin by Pdfcrowd Plugin <= 4.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Save as PDF plugin by Pdfcrowd Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10891 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bc2c8b0bae5b Credits Peter...