WordPress The Events Calendar plugin <= 6.15.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin The Events Calendar versions = 6.15.1...

WordPress User Meta – User Profile Builder and User management plugin plugin <= 3.1.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Kishan Vyas in WordPress Plugin User Meta versions = 3.1.2...

WordPress Plugin updates blocker plugin <= 0.2 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Plugin updates blocker versions = 0.2...

WordPress Responsive Filterable Portfolio plugin <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Responsive Filterable Portfolio versions = 1.0.24...

WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by YCInfosec in WordPress Plugin Tutor LMS versions = 3.7.4...

WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Categorify versions = 1.0.7.5...

WordPress City Hostel Theme <= 1.2.3 is vulnerable to Local File Inclusion

Software City Hostel Type Theme Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 3b527ab49278 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Gutentype Theme <= 2.1.11 is vulnerable to Local File Inclusion

Software Gutentype Type Theme Vulnerable versions = 2.1.11 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 42f4a10f514e Credits Bonds Required privilege Unauthenticated Publish...

WordPress Chardonnay Theme <= 1.19.0 is vulnerable to Local File Inclusion

Software Chardonnay Type Theme Vulnerable versions = 1.19.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1db13f9cabe3 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Wine House Theme <= 3.12 is vulnerable to Local File Inclusion

Software Wine House Type Theme Vulnerable versions = 3.12 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID e14880ba7339 Credits Bonds Required privilege Unauthenticated Publishe...

WordPress Camelia Theme <= 1.2.13 is vulnerable to Local File Inclusion

Software Camelia Type Theme Vulnerable versions = 1.2.13 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 861b50981f0a Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress ELEX WooCommerce Google Shopping (Google Product Feed) plugin <= 1.4.3 - Authenticated (Admin+) SQL Inejction vulnerability

Authenticated Admin+ SQL Inejction vulnerability discovered by dutafi in WordPress Plugin ELEX WooCommerce Google Shopping versions = 1.4.3...

WordPress Biagiotti Core plugin <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin Biagiotti Core versions = 2.1.3...

WordPress Simple Text Slider Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Mika in WordPress Plugin Simple Text Slider versions = 1.0.5...

WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Bao BlueRock in WordPress Plugin Site Info versions = 1.1...

WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin eDS Responsive Menu versions = 1.2...

WordPress Developer Tools Blocker Plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Developer Tools Blocker versions = 3.2.1...

WordPress Shk Corporate Theme <= 2.4.1.1 is vulnerable to Broken Access Control

Software Shk Corporate Type Theme Vulnerable versions = 2.4.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 45c7c66747ba Credits Martino Spagnuolo r3verii Requir...

WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions = 5.7.46...

WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...