12 matches found
WordPress myCred plugin <= 2.9.4.3 - Race Condition Vulnerability
Race Condition Vulnerability discovered by Esteban Montes Morales in WordPress Plugin myCred versions <= 2.9.4.3...
WordPress StreamWeasels Twitch Integration plugin <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gai Tanaka in WordPress Plugin StreamWeasels Twitch Integration versions <= 1.9.3...
WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate versions <= 7.4.2...
WordPress CRM and Lead Management by vcita plugin <= 2.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via type Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin CRM and Lead Management by vcita versions <= 2.7.5...
WordPress Hestia Theme <= 3.2.10 is vulnerable to Broken Access Control
Software: Hestia; Type: Theme; Vulnerable versions: <= 3.2.10; Fixed in: 3.2.11; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-53986; Patch priority: Low; CVSS severity: Low 5.3; PSID: 41f2dbfe1ff2; Credits: Martino Spagnuolo r3verii; Required...
WordPress Slim SEO plugin <= 4.5.4 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ChuongVN in WordPress Plugin Slim SEO versions <= 4.5.4...
WordPress Responsive Gallery Grid plugin < 2.3.15 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Responsive Gallery Grid versions < 2.3.15...
WordPress YaySMTP plugin <= 2.6.4 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ChuongVN in WordPress Plugin YaySMTP versions <= 2.6.4...
WordPress WooCommerce Product Table Lite plugin <= 3.9.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin WooCommerce Product Table Lite versions <= 3.9.5...
WordPress CartBoss plugin <= 4.1.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CartBoss versions <= 4.1.2...
WordPress Responsive Filterable Portfolio Plugin <= 1.0.22 is vulnerable to Server Side Request Forgery (SSRF)
Software: Responsive Filterable Portfolio; Type: Plugin; Vulnerable versions: <= 1.0.22; Fixed in: 1.0.23; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-51785; Patch priority: Low; CVSS severity: Low 4.4; PSID...
WordPress Fancy Elementor Flipbox Plugin <= 2.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Fancy Elementor Flipbox; Type: Plugin; Vulnerable versions: <= 2.5.1; Fixed in: 2.5.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2349; Patch priority: Low; CVSS severity: Low 6.5; PSID: dd388fab11b8; Credits: Francesco Carluc...