WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000025 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Insert or Embed Articulate Content into WordPress versions = 4.3000000025...

WordPress Motors plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Installation vulnerability discovered by mikemyers in WordPress Plugin Motors versions = 1.4.64...

WordPress coreActivity: Activity Logging for WordPress plugin <= 2.7 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Yassine NEGGAOUI in WordPress Plugin coreActivity: Activity Logging plugin for WordPress versions = 2.7...

WordPress Popping Content Light plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Popping Content Light versions = 2.4...

WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability

HTML Injection vulnerability discovered by Revan Arifio in WordPress Plugin Tutor LMS versions = 3.4.0...

WordPress Broadstreet plugin <= 1.52.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin Broadstreet Ads versions = 1.52.1...

WordPress Asgaros Forum plugin <= 3.0.0 - File Upload Numbers Bypass vulnerability

File Upload Numbers Bypass vulnerability discovered by 20kilograma in WordPress Plugin Asgaros Forum versions = 3.0.0...

WordPress Streamit Theme <= 4.0.1 is vulnerable to Arbitrary File Upload

Software Streamit Type Theme Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-2525 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 0e50f93134fe Credits István Márton Required privilege Subscriber...

WordPress Freetobook Responsive Widget Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Freetobook Responsive Widget versions = 1.1...

WordPress Privyr CRM plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Privyr CRM Integration versions = 1.0.2...

WordPress Split Test For Elementor Plugin <= 1.8.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Split Test For Elementor versions = 1.8.3...

WordPress B Blocks plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Logan Cote in WordPress Plugin B Blocks versions = 2.0.0...

WordPress Motors plugin <= 1.4.71 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k in WordPress Plugin Motors versions = 1.4.71...

WordPress Gutenify plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Prissy in WordPress Plugin Gutenify versions = 1.5.7...

WordPress Xpro Elementor Addons plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Prissy in WordPress Plugin Xpro Elementor Addons versions = 1.4.10...

WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin MasterStudy LMS versions = 3.5.28...

WordPress Lightbox & Modal Popup WordPress Plugin – FooBox plugin <= 2.7.33 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore in WordPress Plugin FooBox Image Lightbox versions = 2.7.33...

WordPress Woffice Core plugin <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Woffice Core versions = 5.4.21...

WordPress Booster for WooCommerce plugin 4.0.1-7.2.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by luckybuddy in WordPress Plugin Booster for WooCommerce versions 4.0.1-7.2.4...

WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wptobe-signinup versions = 1.1.2...