397 matches found
WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Funnel Builder by FunnelKit versions = 3.11.1...
WordPress StoryChief plugin <= 1.0.42 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin StoryChief versions = 1.0.42...
WordPress Latepoint plugin < 5.1.94 - Unauthenticated LFI vulnerability
Unauthenticated LFI vulnerability discovered by wesley wcraft in WordPress Plugin LatePoint versions 5.1.94...
WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WordPress Event Manager, Event Calendar and Booking Plugin versions = 4.0.24...
WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Responsive Posts Carousel Pro versions = 15.0...
WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by hamza alhababseh in WordPress Plugin Membership For WooCommerce versions = 2.9.0...
WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability
WordPress GravityWP - Merge Tags = 1.4.4 - Local File Inclusion Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin GravityWP - Merge Tags versions = 1.4.4...
WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin FundEngine versions = 1.7.4...
WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin IDonatePro versions = 2.1.9...
WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Easy Form Builder versions = 3.8.15...
WordPress Urna Theme <= 2.5.7 is vulnerable to Local File Inclusion
Software Urna Type Theme Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-54689 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1413940e912e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Platform Theme < 1.4.4 is vulnerable to Broken Access Control
Software Platform Type Theme Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2015-10143 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04b827207d59 Credits Marc-Alexandre Montpas Required...
WordPress MasterStudy LMS Pro plugin <= 4.7.9 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Thái An in WordPress Plugin MasterStudy LMS Pro versions = 4.7.9...
WordPress Support Board plugin <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key vulnerability
Unauthenticated Authorization Bypass due to Use of Default Secret Key vulnerability discovered by Foxyyy in WordPress Plugin Support Board versions = 3.8.0...
WordPress Home Villas Theme <= 2.8 is vulnerable to Arbitrary File Deletion
Software Home Villas Type Theme Vulnerable versions = 2.8 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Deletion CVE CVE-2025-5014 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID cba250cec63a Credits Thái An Required privilege Subscriber Published...
WordPress Blogvy Theme <= 1.0.7 is vulnerable to Local File Inclusion
Software Blogvy Type Theme Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49279 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 32ad01b31638 Credits Le Ngoc Anh Required privilege Unauthenticated...
WordPress Sofass Theme <= 1.3.4 is vulnerable to Local File Inclusion
Software Sofass Type Theme Vulnerable versions = 1.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-24760 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 97dd93e076df Credits Phat RiO - BlueRock Required privilege Unauthenticat...
WordPress Maia Theme <= 1.1.15 is vulnerable to Local File Inclusion
Software Maia Type Theme Vulnerable versions = 1.1.15 Fixed in 1.1.16 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49258 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 17919a5d64c7 Credits Phat RiO - BlueRock Required privilege...
WordPress Lasa Theme <= 1.1 is vulnerable to Local File Inclusion
Software Lasa Type Theme Vulnerable versions = 1.1 Fixed in 1.1.1 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-49253 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 146f1b55407b Credits Phat RiO - BlueRock Required privilege...
WordPress FW Gallery plugin <= 8.0.0 - Arbitrary File Deletion Vulnerability
Arbitrary File Deletion Vulnerability discovered by LVT-tholv2k in WordPress Plugin FW Gallery versions = 8.0.0...