WordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ch4r0n in WordPress Plugin TicketBAI Facturas para WooCommerce versions = 3.45...

WordPress WP Multilang plugin <= 2.4.19 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by muhammad yudha in WordPress Plugin WP Multilang versions = 2.4.19...

WordPress WP Social Widget plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WP Social Widget versions = 2.3...

WordPress Greenshift plugin <= 11.5.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Greenshift versions = 11.5.5...

WordPress WebHotelier plugin <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin WebHotelier versions = 1.9.2...

WordPress Event post plugin <= 5.10.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Event post versions = 5.10.1...

WordPress Team Showcase plugin < 25.05.13 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Team Showcase versions 25.05.13...

WordPress Testimonials Showcase plugin <= 1.9.16 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Testimonials Showcase versions = 1.9.16...

WordPress WP User Frontend Pro plugin <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Foxyyy in WordPress Plugin WP User Frontend Pro versions = 4.1.3...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.23 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.23...

WordPress Post Slider and Carousel with Widget plugin < 3.2.10 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Post Slider and Carousel with Widget – A Responsive Post Slider versions 3.2.10...

WordPress Category Icon plugin <= 1.0.3 - XML External Entity (XXE) vulnerability

XML External Entity XXE vulnerability discovered by mcdruid in WordPress Plugin Category Icon versions = 1.0.3...

WordPress WC MyParcel Belgium plugin <= 4.5.5-beta - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin WC MyParcel Belgium versions = 4.5.5-beta...

WordPress Arlo Theme <= 6.0.3 is vulnerable to Local File Inclusion

Software Arlo Type Theme Vulnerable versions = 6.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-39475 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID eaea2827ac9d Credits Bonds Required privilege Unauthenticated Published 3...

WordPress FlatNews Theme <= 5.8 is vulnerable to Cross Site Scripting (XSS)

Software FlatNews Type Theme Vulnerable versions = 5.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-32305 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ff5e3bb37606 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress Lesya Theme <= 1.7.2 is vulnerable to Local File Inclusion

Software Lesya Type Theme Vulnerable versions = 1.7.2 Fixed in 1.7.3 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID b9712c5f2cb9 Credits Bonds Required privilege Unauthenticated Published ...

WordPress Mr. Murphy Theme < 1.2.12.1 is vulnerable to PHP Object Injection

Software Mr. Murphy Type Theme Vulnerable versions 1.2.12.1 Fixed in 1.2.12.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49072 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 743adbe763dd Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress Borderless – Elementor Addons and Templates plugin <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Robert DeVore in WordPress Plugin Borderless versions = 1.7.1...

WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Real Time Validation for Gravity Forms versions = 1.7.0...

WordPress History Log by click5 plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by SashaRyba in WordPress Plugin History Log by click5 versions = 1.0.13...