WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WordPress Event Manager, Event Calendar and Booking Plugin versions = 4.0.24...

WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Responsive Posts Carousel Pro versions = 15.0...

WordPress Welcart e-Commerce Plugin <= 2.11.16 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by 63n0 in WordPress Plugin Welcart e-Commerce versions = 2.11.16...

WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by hamza alhababseh in WordPress Plugin Membership For WooCommerce versions = 2.9.0...

WordPress WP Dynamic Links plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin WP Dynamic Links versions = 1.0.1...

WordPress AnWP Football Leagues plugin <= 0.16.17 - Authenticated (Administrator+) CSV Injection vulnerability

Authenticated Administrator+ CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AnWP Football Leagues versions = 0.16.17...

WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WordPress Event Manager, Event Calendar and Booking Plugin versions = 4.0.24...

WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by theviper17 in WordPress Plugin Project Cost Calculator versions = 1.0.0...

WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability

WordPress GravityWP - Merge Tags = 1.4.4 - Local File Inclusion Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin GravityWP - Merge Tags versions = 1.4.4...

WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin FundEngine versions = 1.7.4...

WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin IDonatePro versions = 2.1.9...

WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Easy Form Builder versions = 3.8.15...

WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin CF7 WOW Styler versions = 1.7.2...

WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability

Remote Code Execution RCE Vulnerability discovered by theviper17 in WordPress Plugin Code Engine versions = 0.3.3...

WordPress Urna Theme <= 2.5.7 is vulnerable to Local File Inclusion

Software Urna Type Theme Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-54689 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1413940e912e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Woffice Core plugin <= 5.4.26 - Authenticated (Contributor+) Arbitrary File Deletion vulnerability

Authenticated Contributor+ Arbitrary File Deletion vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Woffice Core versions = 5.4.26...

WordPress Druco Theme <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Druco Type Theme Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-54055 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5fecdac8e286 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress Brizy plugin <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload vulnerability

Missing Authorization to Unauthenticated Limited File Upload vulnerability discovered by mikemyers in WordPress Plugin Brizy versions = 2.6.20...

WordPress Platform Theme < 1.4.4 is vulnerable to Broken Access Control

Software Platform Type Theme Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2015-10143 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04b827207d59 Credits Marc-Alexandre Montpas Required...

WordPress MinimogWP Theme <= 3.9.0 is vulnerable to Content Injection

Software MinimogWP Type Theme Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-8198 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d80fff95e821 Credits Valatty Required privilege Unauthenticated Published ...