
3398 matches found

Patchstack
added 2025/08/22 12:0 a.m. | 6 views

WordPress Spacious Theme <= 1.9.11 is vulnerable to Broken Access Control

Software: Spacious; Type: Theme; Vulnerable versions: <= 1.9.11; Fixed in: 1.9.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-9331; Patch priority: Low; CVSS severity: Low 4.3; PSID: bca30fd3c674; Credits: Dmitrii Ignatyev; Required privilege...

CVSS 4.3 | AI score 6.9 | EPSS 0.00052
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2025/08/21 12:35 p.m. | 3 views

WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Skalucy in WordPress Plugin e-Boekhouden.nl versions <= 1.9.3...

CVSS 7.1 | AI score 6 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/21 11:34 a.m. | 7 views

WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin PressApps Knowledge Base Contextual Sidebar Addon versions <= 4.2.1...

CVSS 6.5 | AI score 6.9 | EPSS 0.00095
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/21 4:12 a.m. | 2 views

WordPress AutoWP plugin <= 2.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin AutoWP versions <= 2.2.4...

CVSS 4.3 | AI score 6.7 | EPSS 0.00055
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/21 3:33 a.m. | 2 views

WordPress Better Post & Filter Widgets for Elementor plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra (Patchstack Alliance) in WordPress Plugin Better Post & Filter Widgets for Elementor versions <= 1.6.1...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/21 12:0 a.m. | 4 views

WordPress Jobmonster Theme <= 4.7.9 is vulnerable to Broken Authentication

Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.7.9; Fixed in: 4.8.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54738; Patch priority: High; CVSS severity: High 9.8; PSID: 87e1e5542be4; Credits: Tran Nguyen...

CVSS 9.8 | AI score 6.5 | EPSS 0.00077
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/21 12:0 a.m. | 6 views

WordPress Golo Theme <= 1.7.0 is vulnerable to Broken Authentication

Software: Golo; Type: Theme; Vulnerable versions: <= 1.7.0; Fixed in: 1.7.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54725; Patch priority: High; CVSS severity: High 9.8; PSID: a2ab39e8e113; Credits: Aiden; Required...

CVSS 9.8 | AI score 6.5 | EPSS 0.00077
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/21 12:0 a.m. | 4 views

WordPress Kalium Theme <= 3.18.3 is vulnerable to Broken Access Control

Software: Kalium; Type: Theme; Vulnerable versions: <= 3.18.3; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Broken Access Control; CVE: CVE-2025-53348; Patch priority: Low; CVSS severity: Low 5.3; PSID: f2f57429b255; Credits: Ananda Dhakal (Patchstack); Required privilege...

AI score 6.5 | EPSS 0.00057
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/21 12:0 a.m. | 5 views

WordPress Magazine Elite Theme <= 1.2.4 is vulnerable to Local File Inclusion

Software: Magazine Elite; Type: Theme; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53244; Patch priority: High; CVSS severity: High 8.1; PSID: da2ed7dcedc4; Credits: Le Ngoc Anh; Required privilege: Unauthenticat...

CVSS 8.1 | AI score 6.8 | EPSS 0.00158
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/20 10:45 p.m. | 7 views

WordPress WP Webhooks plugin <= 3.3.5 - Unauthenticated Arbitrary File Copy vulnerability

Unauthenticated Arbitrary File Copy vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions <= 3.3.5...

CVSS 9.8 | AI score 6.8 | EPSS 0.00488
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/20 11:43 a.m. | 3 views

WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Ovatheme Events versions <= 1.2.8...

CVSS 8.1 | AI score 6.8 | EPSS 0.00158
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/20 9:19 a.m. | 2 views

WordPress LifePress plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by l8BL in WordPress Plugin LifePress versions <= 2.1.3...

CVSS 5.4 | AI score 6.8 | EPSS 0.00071
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/20 9:6 a.m. | 6 views

WordPress Colorbox Lightbox Plugin <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin Colorbox Lightbox versions <= 1.1.5...

CVSS 6.5 | AI score 6 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/20 9:4 a.m. | 7 views

WordPress Templately Plugin <= 3.2.7 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by ch4r0n (Patchstack Alliance) in WordPress Plugin Templately versions <= 3.2.7...

CVSS 4.9 | AI score 6.6 | EPSS 0.00105
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/20 12:0 a.m. | 3 views

WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: JobZilla - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 2.0; Fixed in: 2.0.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-49382; Patch priority: Low; CVSS severity: Low 8.8; PSID: 33cb80ce3eab; Credi...

CVSS 8.8 | AI score 6.6 | EPSS 0.00029
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/19 11:36 p.m. | 4 views

WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability

Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions <= 3.2.4...

CVSS 7.5 | AI score 7.2 | EPSS 0.01107
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/19 12:15 p.m. | 14 views

WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.11.1...

CVSS 7.5 | AI score 6.7 | EPSS 0.00144
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/19 4:15 a.m. | 10 views

WordPress Markup Markdown plugin <= 3.20.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by JeonKim in WordPress Plugin Markup Markdown versions <= 3.20.6...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/08/18 9:48 p.m. | 6 views

WordPress FunnelKit Automations plugin <= 3.6.3 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin FunnelKit Automations versions <= 3.6.3...

CVSS 8.8 | AI score 6.7 | EPSS 0.00102
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/08/18 5:10 p.m. | 4 views

WordPress Essential Doo Components for Visual Composer plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Essential Doo Components for Visual Composer versions <= 1.9...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | Affected Software: 1