WordPress GS Testimonial Slider plugin <= 3.2.9 - Content Injection vulnerability

Content Injection vulnerability discovered by theviper17 in WordPress Plugin GS Testimonial Slider versions = 3.2.9...

WordPress Ultimate WP Mail plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by domiee13 in WordPress Plugin Ultimate WP Mail versions = 1.3.4...

WordPress Team Members Plugin plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by siavashvafshar in WordPress Plugin Team Members Plugin versions = 3.4.1...

WordPress AI Autotagger plugin < 3.30.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin TaxoPress versions 3.30.0...

WordPress Image Style Hover plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin Image Style Hover versions = 1.0.6...

WordPress Theme Switcha plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Theme Switcha versions = 3.4...

WordPress Advanced Google Maps plugin <= 5.8.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Anhchangmutrang Patchstack Alliance in WordPress Plugin Advanced Google Maps versions = 5.8.4...

WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin PropertyHive versions = 2.1.2...

WordPress Betheme Theme <= 28.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Betheme Type Theme Vulnerable versions = 28.0.3 Fixed in 28.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-3077 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7b297a9d938e Credits Webbernaut Required privilege...

WordPress WP Project Manager plugin <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin WP Project Manager versions = 2.6.22...

WordPress Kargo Entegratör plugin <= 1.1.14 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Kargo Entegratör versions = 1.1.14...

WordPress YouTube Embed plugin <= 5.3.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abhinav Porwal in WordPress Plugin YouTube Embed versions = 5.3.1...

WordPress Woo Product Feed For Marketing Channels plugin <= 1.9.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by theviper17 in WordPress Plugin Woo Product Feed For Marketing Channels versions = 1.9.0...

WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin MasterStudy LMS versions = 3.5.28...

WordPress Hyperlink Group Block plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Hyperlink Group Block versions = 2.0.1...

WordPress Pearl plugin <= 1.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Pearl versions = 1.3.9...

WordPress Easy!Appointments plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Easy!Appointments versions = 1.4.2...

WordPress Boo Recipes plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Boo Recipes versions = 2.4.1...

WordPress pCloud Backup plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin pCloud Backup versions = 1.0.1...

WordPress Pricing Tables For WPBakery Page Builder Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)

Software Pricing Tables For WPBakery Page Builder Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10175 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0ff7f9a0a3a4 Credits...