WordPress Profile Builder plugin <= 3.12.0 - Admin+ Stored Cross Site Scripting vulnerability

Admin+ Stored Cross Site Scripting vulnerability discovered by John Castro in WordPress Plugin Profile Builder versions = 3.12.0...

WordPress kbucket plugin < 4.1.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin KBucket versions 4.1.5...

WordPress Clasify Classified Listing plugin <= 1.0.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Clasify Classified Listing versions = 1.0.7...

WordPress Sailthru Triggermail plugin < 1.1 - Subscriber+ Stored XSS vulnerability

Subscriber+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions 1.1...

WordPress ARForms Builder plugin < 1.7.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Malek Althubiany in WordPress Plugin ARForms Form Builder versions 1.7.1...

WordPress Hubbub Lite plugin < 1.34.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Hubbub Lite versions 1.34.4...

WordPress Wise Chat plugin <= 3.3.3 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability

Unauthenticated Sensitive Information Exposure Through Unprotected Directory vulnerability discovered by Tim Coen in WordPress Plugin Wise Chat versions = 3.3.2...

WordPress Wishlist plugin <= 2.1.0 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Wishlist versions = 2.1.0...

WordPress CSS3 Accordions for WordPress plugin <= 3.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin CSS3 Accordions for WordPress versions = 3.0...

WordPress Responsive HTML5 Audio Player PRO With Playlist plugin <= 3.5.7 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Responsive HTML5 Audio Player PRO With Playlist versions = 3.5.7...

WordPress CountDown Pro WP Plugin <= 2.7 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin CountDown Pro WP Plugin versions = 2.7...

WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions = 5.0...

WordPress RS WP Book Showcase plugin <= 6.7.57 - Content Injection vulnerability

Content Injection vulnerability discovered by theviper17 in WordPress Plugin RS WP Book Showcase versions = 6.7.57...

WordPress 6Storage Rentals plugin <= 2.20.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin 6Storage Rentals versions = 2.20.1...

WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.16...

WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability

Settings Change Vulnerability discovered by ch4r0n in WordPress Plugin Experto CTA Widget Call To Action, Sticky CTA, Floating Button Plugin versions = 1.1.1...

WordPress WP Content Security Plugin plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields vulnerability

Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin WP Content Security Plugin versions = 2.3...

WordPress PeepSo Core: File Uploads plugin <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via filedownload vulnerability discovered by Bikram Kharal in WordPress Plugin PeepSo Core: File Uploads versions = 6.4.6.0...

WordPress Bimber - Viral Magazine WordPress Theme Theme <= 9.2.5 is vulnerable to Local File Inclusion

Software Bimber - Viral Magazine WordPress Theme Type Theme Vulnerable versions = 9.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-47576 Patch priority Low CVSS severity Low 8.8 Developer EPC PSID 08c8e83478ea Credits Ananda Dhakal Patchstack Required...

WordPress Groundhogg plugin <= 4.1.1.2 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability

Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Phat Do in WordPress Plugin Groundhogg versions = 4.1.1.2...