397 matches found
WordPress My auctions allegro plugin <= 3.6.32 - Unauthenticated Local File Inclusion via controller vulnerability
Unauthenticated Local File Inclusion via controller vulnerability discovered by type5afe in WordPress Plugin My auctions allegro versions <= 3.6.32...
WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability
Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions <= 2.9.20...
WordPress Doccure Core plugin < 1.5.4 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Doccure Core versions < 1.5.4...
WordPress Tablesome plugin <= 1.1.32 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Talal Nasraddeen in WordPress Plugin Tablesome versions <= 1.1.32...
WordPress Quickcreator – AI Blog Writer plugin 0.0.9-0.1.17 - Unauthenticated API Key Exposure vulnerability
Unauthenticated API Key Exposure vulnerability discovered by kr0d in WordPress Plugin Quickcreator – AI Blog Writer versions 0.0.9-0.1.17...
WordPress The Events Calendar plugin <= 6.15.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin The Events Calendar versions <= 6.15.1...
WordPress User Meta – User Profile Builder and User management plugin plugin <= 3.1.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by Kishan Vyas in WordPress Plugin User Meta versions <= 3.1.2...
WordPress Gutentype Theme <= 2.1.11 is vulnerable to Local File Inclusion
Software: Gutentype; Type: Theme; Vulnerable versions: <= 2.1.11; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 42f4a10f514e; Credits: Bonds; Required privilege: Unauthenticated; Publish...
WordPress Wine House Theme <= 3.12 is vulnerable to Local File Inclusion
Software: Wine House; Type: Theme; Vulnerable versions: <= 3.12; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: e14880ba7339; Credits: Bonds; Required privilege: Unauthenticated; Publishe...
WordPress Chardonnay Theme <= 1.19.0 is vulnerable to Local File Inclusion
Software: Chardonnay; Type: Theme; Vulnerable versions: <= 1.19.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 1db13f9cabe3; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Indutri Theme < 1.3.0 is vulnerable to Local File Inclusion
Software: Indutri; Type: Theme; Vulnerable versions: < 1.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-58214; Patch priority: High; CVSS severity: High 8.1; Developer: DDM; PSID: 682e3e6619f4; Credits: Bonds; Required privilege: Unauthenticated; Published: 30 August, 202...
WordPress Booster for WooCommerce plugin <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload vulnerability
Unauthenticated Double Extension Arbitrary File Upload vulnerability discovered by luckybuddy in WordPress Plugin Booster for WooCommerce versions <= 7.2.4...
WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability
WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability discovered by Abu Hurayra in WordPress Plugin Otter - Gutenberg Block versions <= 3.1.0...
WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Drag and Drop File Upload for Elementor Forms versions <= 1.5.3...
WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin PressApps Knowledge Base Contextual Sidebar Addon versions <= 4.2.1...
WordPress Jobmonster Theme <= 4.7.9 is vulnerable to Broken Authentication
Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.7.9; Fixed in: 4.8.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54738; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 87e1e5542be4; Credits: Tran Nguyen...
WordPress Golo Theme <= 1.7.0 is vulnerable to Broken Authentication
Software: Golo; Type: Theme; Vulnerable versions: <= 1.7.0; Fixed in: 1.7.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54725; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: a2ab39e8e113; Credits: Aiden; Required...
WordPress Magazine Elite Theme <= 1.2.4 is vulnerable to Local File Inclusion
Software: Magazine Elite; Type: Theme; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53244; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: da2ed7dcedc4; Credits: Le Ngoc Anh; Required privilege: Unauthenticat...
WordPress WP Webhooks plugin <= 3.3.5 - Unauthenticated Arbitrary File Copy vulnerability
Unauthenticated Arbitrary File Copy vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions <= 3.3.5...
WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Ovatheme Events versions <= 1.2.8...