107 matches found
WordPress Wonder Slider plugin <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting
Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Wonder Slider versions <= 14.4...
WordPress Youtube Vimeo Video Player and Slider WP Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Youtube Vimeo Video Player and Slider WP Plugin versions <= 3.8...
WordPress Contact Us page - Contact people LITE plugin <= 3.7.4 - SQL Injection Vulnerability
WordPress Contact Us page - Contact people LITE plugin <= 3.7.4 - SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin Contact Us page - Contact people LITE versions <= 3.7.4...
WordPress Neom Blog Theme <= 0.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Neom Blog | Type: Theme | Vulnerable versions: <= 0.0.9 | Fixed in: 0.1.0 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2025-49274 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: da522fea2d13 | Credits: Le Ngoc Anh | Required privilege...
WordPress Fitness Park Theme <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Fitness Park | Type: Theme | Vulnerable versions: <= 1.1.1 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2025-50033 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: f81317695731 | Credits: Peter Thaleikis | Required privilege: Contribut...
WordPress Frontend Dashboard plugin <= 2.2.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Frontend Dashboard versions <= 2.2.8...
WordPress FLAP - Business WordPress Theme Theme <= 1.5 is vulnerable to PHP Object Injection
Software: FLAP - Business WordPress Theme | Type: Theme | Vulnerable versions: <= 1.5 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2025-31396 | Patch priority: High | CVSS severity: High 9.8 | PSID: 7616fcd52be9 | Credits: Tran Nguyen Bao Khanh VCI -...
WordPress Cost Calculator Builder plugin <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Krugov Artyom in WordPress Plugin Cost Calculator Builder versions <= 3.2.74...
WordPress WPGYM plugin < 67.8.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin WPGYM versions < 67.8.0...
WordPress XT Event Widget for Social Events plugin <= 1.1.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by timomangcut in WordPress Plugin XT Event Widget for Social Events versions <= 1.1.7...
WordPress Beds24 Online Booking plugin <= 2.0.29 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Beds24 Online Booking versions <= 2.0.29...
WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Custom Functions Plugin versions <= 1.1...
WordPress AnalyticsWP <= 2.1.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin AnalyticsWP versions <= 2.1.2...
WordPress Hostel plugin <= 1.1.5.6 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Hostel versions <= 1.1.5.6...
WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability
Shortcode Injection vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Sign-up Sheets versions <= 2.3.0.1...
WordPress Beds24 Online Booking plugin <= 2.0.28 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Beds24 Online Booking versions <= 2.0.28...
WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin MasterStudy LMS versions <= 3.5.28...
WordPress WooCommerce Price Alert Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: WooCommerce Price Alert | Type: Plugin | Vulnerable versions: <= 1.0.4 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-52469 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 64532f957694 | Credits: Mika | Required privilege...
WordPress QRMenu Restaurant QR Menu Lite Plugin <= 1.0.3 is vulnerable to PHP Object Injection
Software: QRMenu Restaurant QR Menu Lite | Type: Plugin | Vulnerable versions: <= 1.0.3 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-52445 | Patch priority: Medium | CVSS severity: Medium 8.8 | PSID: faf2a3afc906 | Credits: LVT-tholv2k | Required...
WordPress Google for WooCommerce Plugin <= 2.8.6 is vulnerable to Sensitive Data Exposure
Software: Google for WooCommerce | Type: Plugin | Vulnerable versions: <= 2.8.6 | Fixed in: 2.8.7 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: CVE-2024-10486 | Patch priority: Low | CVSS severity: Low 5.3 | PSID: aafd7d494c83 | Credits: Francesco Carlucci...