WordPress Exchange Rates Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Exchange Rates versions = 1.2.5...

WordPress Pie Calendar Plugin <= 1.2.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Pie Calendar versions = 1.2.8...

WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Classified Listing versions = 5.0.6...

WordPress Skyword API Plugin plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Skyword API Plugin versions = 2.5.2...

WordPress Indutri Theme < 1.3.0 is vulnerable to Local File Inclusion

Software Indutri Type Theme Vulnerable versions 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-58214 Patch priority High CVSS severity High 8.1 Developer DDM PSID 682e3e6619f4 Credits Bonds Required privilege Unauthenticated Published 30 August, 202...

WordPress Booster for WooCommerce plugin <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload vulnerability

Unauthenticated Double Extension Arbitrary File Upload vulnerability discovered by luckybuddy in WordPress Plugin Booster for WooCommerce versions = 7.2.4...

WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WpEvently versions = 4.4.8...

WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability

WordPress Otter - Gutenberg Block Plugin = 3.1.0 - Sensitive Data Exposure Vulnerability discovered by Abu Hurayra in WordPress Plugin Otter - Gutenberg Block versions = 3.1.0...

WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Nest Addons versions = 1.6.3...

WordPress All-in-One WP Migration and Backup plugin <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Import vulnerability discovered by Jack Pas Dark. in WordPress Plugin All-in-One WP Migration versions = 7.97...

WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Drag and Drop File Upload for Elementor Forms versions = 1.5.3...

WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Zephyr Project Manager versions = 3.3.201...

WordPress Golo Theme <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Golo Type Theme Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-54724 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9a5f34e954ab Credits Bonds Required privilege Unauthenticated...

WordPress Tourfic plugin <= 2.14.5 - Missing Authorization in Multiple Functions vulnerability

Missing Authorization in Multiple Functions vulnerability discovered by WordFence in WordPress Plugin Tourfic versions = 2.14.5...

WordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Invisible Optin versions = 1.0...

WordPress Ogulo – 360° Tour plugin <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via slug Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Ogulo – 360° Tour versions = 1.0.11...

WordPress ShortcodeHub plugin <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via authorlinktarget Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin ShortcodeHub - MultiPurpose Shortcode Builder versions = 1.7.1...

WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by n0arafatn0 in WordPress Plugin Accessibility Checker by Equalize Digital versions = 1.30.0...

WordPress Statify Widget plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Statify Widget versions = 1.4.6...

WordPress Jobmonster Theme <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Jobmonster Type Theme Vulnerable versions = 4.8.0 Fixed in 4.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-57887 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 409b4cb6ad34 Credits Ananda Dhakal Patchstack Required privilege...