Lucene search

3398 matches found

Patchstack
added 2025/11/28 1:46 p.m. | 5 views

WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin FluentCommunity versions <= 2.0.0...

4.3 CVSS | 6.7 AI score | 0.00036 EPSS
Exploits 0 | Affected Software 1
Patchstack
added 2025/11/28 5:19 a.m. | 2 views

WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Gutenverse versions <= 3.2.1...

5.3 CVSS | 6.7 AI score | 0.00036 EPSS
Exploits 0 | Affected Software 1
Patchstack
added 2025/11/15 5:40 a.m. | 5 views

WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Appointment Booking Calendar versions <= 1.3.95...

6.5 CVSS | 6.8 AI score | 0.00051 EPSS
Exploits 0 | Affected Software 1
Patchstack
added 2025/11/14 9:12 a.m. | 8 views

WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Survey Maker versions <= 5.1.9.4...

6.5 CVSS | 6.7 AI score | 0.00038 EPSS
Exploits 0 | Affected Software 1
Patchstack
added 2025/11/12 11:50 p.m. | 6 views

WordPress WP Headless CMS Framework plugin <= 1.15 - Unauthenticated Protection Mechanism Bypass vulnerability

Unauthenticated Protection Mechanism Bypass vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Headless CMS Framework versions <= 1.15...

5.3 CVSS | 6.7 AI score | 0.00085 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/11 12:46 a.m. | 8 views

WordPress Geopost plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Geopost versions <= 1.2...

6.4 CVSS | 5.6 AI score | 0.00031 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/11 12:39 a.m. | 6 views

WordPress Add Multiple Marker plugin <= 1.2 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Bhayanak Atma in WordPress Plugin Add Multiple Marker versions <= 1.2...

5.3 CVSS | 6.7 AI score | 0.00106 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/10 10:49 p.m. | 3 views

WordPress Holiday class post calendar plugin <= 7.1 - Unauthenticated Remote Code Execution via 'contents' vulnerability

Unauthenticated Remote Code Execution via 'contents' vulnerability discovered by kr0d in WordPress Plugin Holiday class post calendar versions <= 7.1...

9.8 CVSS | 7.2 AI score | 0.00245 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/10 10:42 p.m. | 4 views

WordPress Fleet Manager plugin <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated (Editor+) Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Fleet Manager versions <= 2.5.1...

4.4 CVSS | 5.5 AI score | 0.0002 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/10 10:20 p.m. | 3 views

WordPress Live Photos on WordPress plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Live Photos on WordPress versions <= 0.1...

6.4 CVSS | 5.5 AI score | 0.00032 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/07 1:45 a.m. | 5 views

WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability

Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability discovered by Talal Nasraddeen in WordPress Plugin Gravity Forms versions <= 2.9.20...

9.8 CVSS | 6.7 AI score | 0.00366 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/07 1:43 a.m. | 4 views

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability

WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.1.5-2.1.9...

8.8 CVSS | 6.7 AI score | 0.00082 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/04 1:25 p.m. | 3 views

WordPress Top Bar Notification plugin <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Top Bar Notification versions <= 1.12...

6.1 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/03 10:38 p.m. | 7 views

WordPress Doccure Core plugin < 1.5.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Doccure Core versions < 1.5.4...

9.8 CVSS | 6.7 AI score | 0.00208 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/03 10:34 p.m. | 6 views

WordPress Tablesome plugin <= 1.1.32 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Talal Nasraddeen in WordPress Plugin Tablesome versions <= 1.1.32...

9.8 CVSS | 8.3 AI score | 0.00418 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/11/03 12:0 a.m. | 9 views

WordPress Kallyas Theme <= 4.24.0 is vulnerable to Remote Code Execution (RCE)

Software: Kallyas; Type: Theme; Vulnerable versions: <= 4.24.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2025-6990; Patch priority: Medium; CVSS severity: Medium 8.8; Developer EPC; PSID: fef69fa1779b; Credits: stealthcopter; Required privilege: Contributor; Published...

8.8 CVSS | 7.6 AI score | 0.00383 EPSS
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2025/10/27 12:0 a.m. | 4 views

WordPress Sahifa Theme < 5.8.6 is vulnerable to Cross Site Scripting (XSS)

Software: Sahifa; Type: Theme; Vulnerable versions: < 5.8.6; Fixed in: 5.8.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-64202; Patch priority: Low; CVSS severity: Low 6.5; Developer Claim ownership; PSID: 32bb45fc3f37; Credits: João Pedro S Alcântara Kinorth; Required privilege...

6.5 CVSS | 5.9 AI score | 0.00031 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/10/23 10:44 p.m. | 3 views

WordPress Check Plagiarism plugin <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Check Plagiarism versions <= 2.0...

4.3 CVSS | 6.7 AI score | 0.00036 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/10/23 10:25 p.m. | 5 views

WordPress Quickcreator – AI Blog Writer plugin 0.0.9-0.1.17 - Unauthenticated API Key Exposure vulnerability

Unauthenticated API Key Exposure vulnerability discovered by kr0d in WordPress Plugin Quickcreator – AI Blog Writer versions 0.0.9-0.1.17...

7.5 CVSS | 6.7 AI score | 0.00082 EPSS
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/10/17 1:51 p.m. | 3 views

WordPress Memberlite Shortcodes plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Memberlite Shortcodes versions <= 1.4.1...

6.5 CVSS | 6 AI score | 0.0003 EPSS
Exploits 0 | Affected Software 1