WordPress Vizeon - Business Consulting Theme <= 1.1.7 is vulnerable to Local File Inclusion

Software Vizeon - Business Consulting Type Theme Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-31064 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 2f12b007c549 Credits Tran Nguyen Bao Khanh VCI - VN...

WordPress Ogami Theme <= 1.53 is vulnerable to Local File Inclusion

Software Ogami Type Theme Vulnerable versions = 1.53 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-31913 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID b4ec72647766 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Requir...

WordPress Formulario de contacto SalesUp! plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Formulario de contacto SalesUp! versions = 1.0.14...

WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin DZS Video Gallery versions = 12.39...

WordPress ITSulu Theme <= 1.4.0 is vulnerable to Local File Inclusion

Software ITSulu Type Theme Vulnerable versions = 1.4.0 Fixed in 1.5.0 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 809f0c6a06dd Credits Bonds Required privilege Unauthenticated Published...

WordPress Ninja Forms plugin < 3.10.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Ninja Forms versions 3.10.1...

WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS via Counter Block vulnerability

Contributor+ Stored XSS via Counter Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...

WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Job Portal versions = 2.3.2...

WordPress MultiVendorX plugin <= 4.2.22 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin MultiVendorX versions = 4.2.22...

WordPress Change Add to Cart Button Text for WooCommerce plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Change Add to Cart Button Text for WooCommerce versions = 2.2.2...

WordPress Cost of Goods for WooCommerce plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Cost of Goods for WooCommerce versions = 3.7.0...

WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...

WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...

WordPress Salon Booking System plugin < 10.9.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Salon booking system versions 10.9.4...

WordPress Z-Downloads plugin < 1.11.6 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Minh Giang & Christopher Houk in WordPress Plugin Z-Downloads versions 1.11.6...

WordPress MapPress Maps for WordPress plugin < 2.93 - Admin+ Stored XSS via Map Settings vulnerability

Admin+ Stored XSS via Map Settings vulnerability discovered by Kientt in WordPress Plugin MapPress Maps for WordPress versions 2.93...

WordPress The Events Calendar plugin < 6.6.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin The Events Calendar versions 6.6.4...

WordPress GamiPress - Reset User plugin <= 1.0.0 - GamiPress User Data Removal via CSRF vulnerability

WordPress GamiPress - Reset User plugin = 1.0.0 - GamiPress User Data Removal via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin GamiPress - Reset User versions = 1.0.0...

WordPress JavaScript Logic plugin <= 0.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Daniel Ruf in WordPress Plugin JavaScript Logic versions = 0.1...

WordPress Simple Video Directory plugin < 1.4.3 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin Simple Video Directory versions 1.4.3...