WordPress Easy PayPal Buy Now Button plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Easy PayPal Buy Now Button versions = 2.0...

WordPress WP Compress plugin <= 6.30.30 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Snurkeburk, SashaRyba in WordPress Plugin WP Compress versions = 6.30.30...

WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.8 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by tratt in WordPress Plugin Dynamic Pricing With Discount Rules for WooCommerce versions = 4.5.8...

WordPress GS Variation Swatches for WooCommerce plugin <= 3.0.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin GS Variation Swatches for WooCommerce versions = 3.0.4...

WordPress Quran multilanguage Text & Audio plugin <= 2.3.23 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Quran multilanguage Text & Audio versions = 2.3.23...

WordPress NGG Smart Image Search plugin <= 3.3.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin NGG Smart Image Search versions = 3.3.3...

WordPress Mollie Forms plugin <= 2.7.12 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Mollie Forms versions = 2.7.12...

WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability

Cross Site Request Forgery CSRF to Prompt Generation vulnerability discovered by domiee13 in WordPress Plugin GPT3 AI Content Writer versions = 1.9.14...

WordPress Media Hygiene plugin <= 4.0.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin Media Hygiene versions = 4.0.0...

WordPress Solace Extra plugin <= 1.3.1 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by stealthcopter in WordPress Plugin Solace Extra versions = 1.3.1...

WordPress WP Fundraising Donation and Crowdfunding Platform plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin FundEngine versions = 1.7.3...

WordPress WP Gravity Forms Zendesk plugin <= 1.1.2 - Open Redirection Vulnerability

Open Redirection Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Gravity Forms Zendesk versions = 1.1.2...

WordPress Widget Countdown plugin <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Widget Countdown versions = 2.7.4...

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA

CISA warns of active exploitation of critical Langflow vulnerability CVE-2025-3248. Critical RCE flaw allows full server takeover. Patch…...

WordPress CoinPayments.net Payment Gateway for WooCommerce plugin <= 1.0.17 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin CoinPayments.net Payment Gateway for WooCommerce versions = 1.0.17...

WordPress Royal Elementor Addons plugin <= 1.7.1017 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Royal Elementor Addons versions = 1.7.1017...

CVE-2025-46421 affecting package libsoup for versions less than 3.4.4-5

CVE-2025-46421 affecting package libsoup for versions less than 3.4.4-5. A patched version of the package is available...

WordPress Frontend Dashboard plugin 1.0-2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation

Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.0-2.2.6...

WordPress Relevanssi plugin <= 4.24.3 - Unauthenticated Stored Cross-Site Scripting via Search Highlights vulnerability

Unauthenticated Stored Cross-Site Scripting via Search Highlights vulnerability discovered by Jack Taylor in WordPress Plugin Relevanssi versions = 4.24.3...

WordPress CarDealerPress plugin <= 6.8.2505.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via saleclass Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin CarDealerPress versions = 6.8.2505.00...