438 matches found
WordPress EventON Lite plugin <= 2.4.6 - Authenticated (Contributor+) Information Disclosure vulnerability
Authenticated (Contributor+) Information Disclosure vulnerability discovered by Takihana Shota in WordPress Plugin EventON versions <= 2.4.6...
WordPress BizCalendar Web plugin <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by muhammad yudha in WordPress Plugin bizcalendar-web versions <= 1.1.0.53...
WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Embedder for Google Reviews versions <= 1.7.3...
WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin WP Statistics versions <= 14.15...
WordPress AnWP Football Leagues plugin <= 0.16.17 - Authenticated (Administrator+) CSV Injection vulnerability
Authenticated (Administrator+) CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AnWP Football Leagues versions <= 0.16.17...
WordPress Brizy plugin <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload vulnerability
Missing Authorization to Unauthenticated Limited File Upload vulnerability discovered by mikemyers in WordPress Plugin Brizy versions <= 2.6.20...
WordPress MinimogWP Theme <= 3.9.0 is vulnerable to Content Injection
Software: MinimogWP; Type: Theme; Vulnerable versions: <= 3.9.0; Fixed in: 3.9.1; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2025-8198; Patch priority: Low; CVSS severity: Low 7.5; PSID: d80fff95e821; Credits: Valatty; Required privilege: Unauthenticated; Published ...
WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Radio Station versions <= 2.5.12...
WordPress Post Rating and Review plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability discovered by Gilang in WordPress Plugin Post Rating and Review versions <= 1.3.4...
WordPress PowerPress Podcasting plugin <= 11.13.11 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) Vulnerability discovered by Anhchangmutrang in WordPress Plugin PowerPress Podcasting versions <= 11.13.11...
WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin HUSKY versions <= 1.3.7...
WordPress Spark Multipurpose Theme <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: Spark Multipurpose; Type: Theme; Vulnerable versions: <= 1.0.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-50030; Patch priority: Low; CVSS severity: Low 6.5; PSID: 093473ec2f16; Credits: Peter Thaleikis; Required privilege...
WordPress Simple Logo Carousel plugin <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Logo Carousel versions <= 1.9.3...
WordPress Click to Chat plugin <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter vulnerability
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Click to Chat versions <= 4.22...
WordPress Yougler Blogger Profile Page plugin <= v1.01 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by johska in WordPress Plugin Yougler Blogger Profile Page versions <= v1.01...
WordPress File Manager Pro – Filester plugin <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin File Manager Pro versions <= 1.8.8...
WordPress Game Review Block plugin <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Game Review Block versions <= 4.8.1...
WordPress Premium Addons for Elementor plugin <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Asaf Mozes in WordPress Plugin Premium Addons for Elementor versions <= 4.11.8...
WordPress Video Embeds plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Fore-Z co.ltd in WordPress Plugin Video Embeds versions <= 0.1.1...
WordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin TicketBAI Facturas para WooCommerce versions <= 3.45...