447 matches found
WordPress Pending Order Bot plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Pending Order Bot versions = 1.0.2...
WordPress Advanced iFrame plugin <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Advanced iFrame versions = 2025.6...
WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Carousel button link vulnerability discovered by dayea song in WordPress Plugin Anber Elementor Addon versions = 1.0.1...
WordPress Soledad Theme <= 8.6.7 is vulnerable to Cross Site Scripting (XSS)
Software Soledad Type Theme Vulnerable versions = 8.6.7 Fixed in 8.6.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-8143 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2b64551fa293 Credits stealthcopter Required privilege...
WordPress EventON Lite plugin <= 2.4.6 - Authenticated (Contributor+) Information Disclosure vulnerability
Authenticated Contributor+ Information Disclosure vulnerability discovered by Takihana Shota in WordPress Plugin EventON versions = 2.4.6...
WordPress BizCalendar Web plugin <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by muhammad yudha in WordPress Plugin bizcalendar-web versions = 1.1.0.53...
WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Embedder for Google Reviews versions = 1.7.3...
WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin WP Statistics versions = 14.15...
WordPress AnWP Football Leagues plugin <= 0.16.17 - Authenticated (Administrator+) CSV Injection vulnerability
Authenticated Administrator+ CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AnWP Football Leagues versions = 0.16.17...
WordPress Brizy plugin <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload vulnerability
Missing Authorization to Unauthenticated Limited File Upload vulnerability discovered by mikemyers in WordPress Plugin Brizy versions = 2.6.20...
WordPress MinimogWP Theme <= 3.9.0 is vulnerable to Content Injection
Software MinimogWP Type Theme Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-8198 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d80fff95e821 Credits Valatty Required privilege Unauthenticated Published ...
WordPress Radio Station plugin <= 2.5.12 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Radio Station versions = 2.5.12...
WordPress Post Rating and Review plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via class Parameter vulnerability discovered by Gilang in WordPress Plugin Post Rating and Review versions = 1.3.4...
WordPress PowerPress Podcasting plugin <= 11.13.11 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery SSRF Vulnerability discovered by Anhchangmutrang in WordPress Plugin PowerPress Podcasting versions = 11.13.11...
WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin HUSKY versions = 1.3.7...
WordPress Spark Multipurpose Theme <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Spark Multipurpose Type Theme Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-50030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 093473ec2f16 Credits Peter Thaleikis Required privilege...
WordPress Simple Logo Carousel plugin <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Logo Carousel versions = 1.9.3...
WordPress Click to Chat plugin <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via data-nonumber Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Click to Chat versions = 4.22...
WordPress Yougler Blogger Profile Page plugin <= v1.01 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by johska in WordPress Plugin Yougler Blogger Profile Page versions v1.01...
WordPress File Manager Pro – Filester plugin <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin File Manager Pro versions = 1.8.8...