WordPress Hostel plugin <= 1.1.5.6 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Hostel versions = 1.1.5.6...

WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin PropertyHive versions = 2.1.2...

WordPress Responsive Blocks plugin <= 2.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Responsive Blocks versions = 2.0.2...

WordPress Membership For WooCommerce plugin <= 2.8.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Membership For WooCommerce versions = 2.8.0...

WordPress Feedify – Web Push Notifications plugin <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Feedify – Web Push Notifications versions = 2.4.5...

WordPress Widget for Social Page Feeds plugin < 6.4.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Widget for Social Page Feeds versions 6.4.2...

WordPress Betheme Theme <= 28.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Betheme Type Theme Vulnerable versions = 28.0.3 Fixed in 28.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-3077 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7b297a9d938e Credits Webbernaut Required privilege...

WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin All push notification for WP versions = 1.5.3...

WordPress WooCommerce Products without featured images Plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Products without featured images versions = 0.1...

WordPress Event Espresso plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Event Espresso – Custom Email Template Shortcode versions = 1.0.0...

WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin TuriTop Booking System versions = 1.0.10...

WordPress Celestial Aura Theme <= 2.2 is vulnerable to Arbitrary File Upload

Software Celestial Aura Type Theme Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Upload CVE CVE-2025-26892 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 6836679a2db2 Credits stealthcopter Required privilege...

WordPress WP Project Manager plugin <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin WP Project Manager versions = 2.6.22...

WordPress Kargo Entegratör plugin <= 1.1.14 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Kargo Entegratör versions = 1.1.14...

WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin InPost Gallery versions = 2.1.4.3...

WordPress WP Easy Poll Plugin <= 2.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Easy Poll versions = 2.2.9...

WordPress SMTP for Amazon SES – YaySMTP plugin <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs vulnerability

Unauthenticated Stored Cross-Site Scripting via Email Logs vulnerability discovered by zer0gh0st in WordPress Plugin SMTP for Amazon SES versions = 1.8...

WordPress Raptive Ads plugin <= 3.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Parasimpaticki in WordPress Plugin Raptive Ads versions = 3.7.3...

WordPress License Manager for WooCommerce plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin License Manager for WooCommerce versions = 3.0.9...

WordPress Wallet System for WooCommerce plugin <= 2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wallet System for WooCommerce versions = 2.6.8...