WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability

Reflected Cross Site Scripting XSS Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Watu Quiz versions = 3.4.2...

WordPress Hyperlink Group Block plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Hyperlink Group Block versions = 2.0.1...

WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Norse Rune Oracle Plugin versions = 1.4.3...

WordPress Pearl plugin <= 1.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin Pearl versions = 1.3.9...

WordPress Directorist AddonsKit for Elementor plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf in WordPress Plugin Directorist AddonsKit for Elementor versions = 1.1.6...

WordPress Beds24 Online Booking plugin <= 2.0.27 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Beds24 Online Booking versions = 2.0.27...

WordPress WP Plugin Info Card plugin <= 5.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin WP Plugin Info Card versions = 5.3.0...

WordPress Easy!Appointments plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Easy!Appointments versions = 1.4.2...

WordPress Mobile App Canvas Plugin <= 3.8.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abdi Pranata in WordPress Plugin Mobile App Canvas versions = 3.8.2...

WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Follow Us Badges versions = 3.1.11...

WordPress Publitio plugin <= 2.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Publitio versions = 2.1.8...

WordPress Boo Recipes plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Boo Recipes versions = 2.4.1...

WordPress pCloud Backup plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin pCloud Backup versions = 1.0.1...

WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.18 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions = 5.2.18...

WordPress Access Areas Plugin <= 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Access Areas versions = 1.5.19...

WordPress Themify Folo Theme <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software Themify Folo Type Theme Vulnerable versions = 1.9.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31013 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6a066edc64f9 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress Ultimate Push Notifications plugin <= 1.2.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ultimate Push Notifications versions = 1.2.0...

WordPress Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin <= 2.2.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by NAWardRox in WordPress Plugin Ai Auto Tool Content Writing Assistant Gemini Writer, ChatGPT All in One versions = 2.2.6...

WordPress Import Export Suite for CSV and XML Datafeed plugin <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin WP Ultimate CSV Importer versions = 7.19...

WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Vitepos versions = 3.1.4...