WordPress eForm plugin <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by shaman0x01 in WordPress Plugin eForm - WordPress Form Builder versions = 4.18.0...

WordPress Raptive Ads plugin <= 3.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Parasimpaticki in WordPress Plugin Raptive Ads versions = 3.7.3...

WordPress Wallet System for WooCommerce plugin <= 2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wallet System for WooCommerce versions = 2.6.8...

WordPress WooCommerce – Store Exporter plugin <= 2.7.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Store Exporter versions = 2.7.4...

WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000025 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Insert or Embed Articulate Content into WordPress versions = 4.3000000025...

WordPress Popping Content Light plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Popping Content Light versions = 2.4...

WordPress Broadstreet plugin <= 1.52.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin Broadstreet Ads versions = 1.52.1...

WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wptobe-signinup versions = 1.1.2...

WordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Aiden in WordPress Plugin TextMe SMS versions = 1.9.1...

WordPress Publitio plugin <= 2.2.0 - Arbitrary File Read vulnerability

Arbitrary File Read vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Publitio versions = 2.2.0...

WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin MyBookProgress by Stormhill Media versions = 1.0.8...

WordPress Wigi Theme <= 2.0.1 is vulnerable to Arbitrary File Upload

Software Wigi Type Theme Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2025-30996 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID a3f5b750c9b1 Credits Tran Nguyen Bao Khanh VCI - VNPT...

WordPress Shopify to WooCommerce Migration plugin <= 1.3.0 - Settings Change vulnerability

Settings Change vulnerability discovered by Mika in WordPress Plugin Shopify to WooCommerce Migration versions = 1.3.0...

WordPress WordPress Galleria plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin WordPress Galleria versions = 1.4...

WordPress Access Areas Plugin <= 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Access Areas versions = 1.5.19...

WordPress Kudos Donations Plugin <= 3.2.9 is vulnerable to Cross Site Scripting (XSS)

Software Kudos Donations Type Plugin Vulnerable versions = 3.2.9 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11684 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 27c0ae774d02 Credits vgo0 Required...

WordPress FAQ Builder AYS Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software FAQ Builder AYS Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11458 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4525aff9e72c Credits vgo0 Required...

WordPress SEO Landing Page Generator Plugin <= 1.66.2 is vulnerable to Cross Site Scripting (XSS)

Software SEO Landing Page Generator Type Plugin Vulnerable versions = 1.66.2 Fixed in 1.66.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11366 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d742f2bf7f0 Credits vgo0...

WordPress Video Lessons Manager Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Video Lessons Manager Type Plugin Vulnerable versions = 1.8.2 Fixed in 1.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11202 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de6edf652333 Credits Peter...

WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.15 is vulnerable to Cross Site Scripting (XSS)

Software Booking calendar, Appointment Booking System Type Plugin Vulnerable versions = 3.2.15 Fixed in 3.2.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9504 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...