WordPress Malcure Malware Scanner plugin <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Malcure Malware Scanner versions = 16.8...

WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by ch4r0n in WordPress Plugin Maya Business versions = 1.2.0...

WordPress WP Event Manager plugin <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'organizername' vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin WP Event Manager versions = 3.1.50...

WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin EventON versions = 4.9.9...

WordPress WP Front User Submit / Front Editor plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin WP Front User Submit / Front Editor versions = 4.9.3...

WordPress Seven Stars Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Seven Stars Type Theme Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31067 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9c2cf87e3798 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress WP2LEADS plugin <= 3.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin WP2LEADS versions = 3.5.0...

WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability

WordPress eForm - WordPress Form Builder 4.19.1 - Cross Site Scripting XSS Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin eForm - WordPress Form Builder versions 4.19.1...

WordPress Axle Demo Importer plugin <= 1.0.3 - Author+ Arbitrary File Upload vulnerability

Author+ Arbitrary File Upload vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Axle Demo Importer versions = 1.0.3...

WordPress FlatNews Theme <= 5.8 is vulnerable to Cross Site Scripting (XSS)

Software FlatNews Type Theme Vulnerable versions = 5.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-32305 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ff5e3bb37606 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress History Log by click5 plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by SashaRyba in WordPress Plugin History Log by click5 versions = 1.0.13...

WordPress Property plugin 1.0.5-1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration vulnerability

Missing Authorization to Authenticated Author+ Privilege Escalation via propertypackageuserrole Metadata in PayPal Registration vulnerability discovered by kr0d in WordPress Plugin Property versions 1.0.5-1.0.6...

WordPress ReDi Restaurant Reservation plugin <= 24.1209 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin ReDi Restaurant Reservation versions = 24.1209...

WordPress Formulario de contacto SalesUp! plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Formulario de contacto SalesUp! versions = 1.0.14...

WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...

WordPress kbucket plugin < 4.1.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin KBucket versions 4.1.5...

WordPress Sailthru Triggermail plugin < 1.1 - Subscriber+ Stored XSS vulnerability

Subscriber+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions 1.1...

WordPress ARForms Builder plugin < 1.7.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Malek Althubiany in WordPress Plugin ARForms Form Builder versions 1.7.1...

WordPress WP Content Security Plugin plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields vulnerability

Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin WP Content Security Plugin versions = 2.3...

WordPress Nomupay Payment Processing Gateway plugin <= 7.1.7 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Nomupay Payment Processing Gateway versions = 7.1.7...