WordPress Responsive Pricing Table plugin <= 5.1.12 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Responsive Pricing Table versions = 5.1.12...

WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability

Software : Issabella Type : Theme Vulnerable versions : = 1.1.2 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69086 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 1e3ff6a668aa Credits :...

PT-2026-27736

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s scheduling logic related to SCHED DEADLINE tasks. Specifically, when a SCHED DEADLINE task changes to a lower priority class using sched setscheduler,...

WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Logger for Elementor versions = 1.0.9...

WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Appender versions = 1.1.1...

WordPress Accessibility Press plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by HunSec in WordPress Plugin Accessibility Press versions = 1.0.2...

WordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Watcher for Elementor versions = 1.0.9...

WordPress Pardakht Delkhah plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Pardakht Delkhah versions = 3.0.0...

WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by powpy in WordPress Plugin Order Cancellation & Returns for WooCommerce versions = 1.1.11...

WordPress Vireo theme <= 1.0.24 - Broken Access Control vulnerability

Software : Vireo Type : Theme Vulnerable versions : = 1.0.24 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-62751 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID : 110abd56a0bb Credit...

WordPress Tasty Recipes Lite plugin <= 1.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Tasty Recipes Lite versions = 1.1.5...

WordPress iNext Woo Pincode Checker plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin iNext Woo Pincode Checker versions = 2.3.1...

WordPress Post Video Players plugin <= 1.163 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Post Video Players versions = 1.163...

WordPress Portfolio Gallery plugin <= 1.4.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Portfolio Gallery versions = 1.4.8...

WordPress Reuters Direct plugin <= 3.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Reuters Direct versions = 3.0.0...

WordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.28 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Core Web Vitals & PageSpeed Booster versions = 1.0.28...

WordPress Locatoraid Store Locator plugin <= 3.9.67 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Zeeshan Haider in WordPress Plugin Locatoraid Store Locator versions = 3.9.67...

WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Specific Content versions = 1.0.6...

WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Software : Consulting Type : Theme Vulnerable versions : = 1.5.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-63032 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : d51407236b71 Credits :...

WordPress Sermon Manager plugin <= 2.30.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Sermon Manager versions = 2.30.0...