5093 matches found

Patchstack | added 2025/08/22 10:11 p.m. | 5 views

WordPress Ogulo – 360° Tour plugin <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Ogulo – 360° Tour versions <= 1.0.11...

CVSS 6.4 | AI score 5.5 | EPSS 0.00072
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/22 10:6 p.m. | 4 views

WordPress ShortcodeHub plugin <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin ShortcodeHub - MultiPurpose Shortcode Builder versions <= 1.7.1...

CVSS 6.4 | AI score 5.6 | EPSS 0.00057
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/22 10:6 p.m. | 4 views

WordPress Wptobe-memberships plugin <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin Wptobe-memberships versions <= 3.4.2...

CVSS 8.1 | AI score 6.8 | EPSS 0.00704
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/22 1:55 p.m. | 6 views

WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Recurring PayPal Donations versions <= 1.8...

CVSS 5.9 | AI score 6 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/08/22 1:53 p.m. | 4 views

WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References (IDOR) Vulnerability discovered by n0arafatn0 in WordPress Plugin Accessibility Checker by Equalize Digital versions <= 1.30.0...

CVSS 5.4 | AI score 6.7 | EPSS 0.00077
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/08/22 1:19 p.m. | 4 views

WordPress Statify Widget plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Statify Widget versions <= 1.4.6...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/08/22 12:0 a.m. | 6 views

WordPress Jobmonster Theme <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)

Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.8.0; Fixed in: 4.8.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-57887; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 409b4cb6ad34; Credits: Ananda Dhakal Patchstack; Required privilege...

CVSS 6.5 | AI score 6.9 | EPSS 0.00051
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/22 12:0 a.m. | 7 views

WordPress Spacious Theme <= 1.9.11 is vulnerable to Broken Access Control

Software: Spacious; Type: Theme; Vulnerable versions: <= 1.9.11; Fixed in: 1.9.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-9331; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: bca30fd3c674; Credits: Dmitrii Ignatyev; Required privilege...

CVSS 4.3 | AI score 6.9 | EPSS 0.00056
Exploits: 0 | References: 2 | Affected Software: 1

GithubExploit | added 2025/08/21 9:20 p.m. | 248 views

Exploit for CVE-2025-8671

PoC-CVE-2025-8671-MadeYouReset-HTTP-2: PoC to validate vulnera...

CVSS 7.5 | AI score 7.2 | EPSS 0.03274
Exploits: 3

Patchstack | added 2025/08/21 12:35 p.m. | 3 views

WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Skalucy in WordPress Plugin e-Boekhouden.nl versions <= 1.9.3...

CVSS 7.1 | AI score 6 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/08/21 11:34 a.m. | 8 views

WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin PressApps Knowledge Base Contextual Sidebar Addon versions <= 4.2.1...

CVSS 6.5 | AI score 6.9 | EPSS 0.00103
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/08/21 4:12 a.m. | 2 views

WordPress AutoWP plugin <= 2.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin AutoWP versions <= 2.2.4...

CVSS 4.3 | AI score 6.7 | EPSS 0.00055
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/08/21 3:47 a.m. | 3 views

WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Kento Splash Screen versions <= 1.4...

CVSS 7.1 | AI score 6 | EPSS 0.00025
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/08/21 3:33 a.m. | 3 views

WordPress Better Post & Filter Widgets for Elementor plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra Patchstack Alliance in WordPress Plugin Better Post & Filter Widgets for Elementor versions <= 1.6.1...

CVSS 6.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

Patchstack | added 2025/08/21 12:0 a.m. | 5 views

WordPress Jobmonster Theme <= 4.7.9 is vulnerable to Broken Authentication

Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.7.9; Fixed in: 4.8.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54738; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 87e1e5542be4; Credits: Tran Nguyen...

CVSS 9.8 | AI score 6.5 | EPSS 0.00077
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/21 12:0 a.m. | 6 views

WordPress Golo Theme <= 1.7.0 is vulnerable to Broken Authentication

Software: Golo; Type: Theme; Vulnerable versions: <= 1.7.0; Fixed in: 1.7.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54725; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: a2ab39e8e113; Credits: Aiden; Required...

CVSS 9.8 | AI score 6.5 | EPSS 0.00077
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/21 12:0 a.m. | 5 views

WordPress Kalium Theme <= 3.18.3 is vulnerable to Broken Access Control

Software: Kalium; Type: Theme; Vulnerable versions: <= 3.18.3; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Broken Access Control; CVE: CVE-2025-53348; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: f2f57429b255; Credits: Ananda Dhakal Patchstack; Required privilege...

AI score 6.5 | EPSS 0.00058
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/21 12:0 a.m. | 5 views

WordPress Magazine Elite Theme <= 1.2.4 is vulnerable to Local File Inclusion

Software: Magazine Elite; Type: Theme; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53244; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: da2ed7dcedc4; Credits: Le Ngoc Anh; Required privilege: Unauthenticat...

CVSS 8.1 | AI score 6.8 | EPSS 0.00158
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/20 10:45 p.m. | 8 views

WordPress WP Webhooks plugin <= 3.3.5 - Unauthenticated Arbitrary File Copy vulnerability

Unauthenticated Arbitrary File Copy vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions <= 3.3.5...

CVSS 9.8 | AI score 6.8 | EPSS 0.0053
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack | added 2025/08/20 11:43 a.m. | 4 views

WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Ovatheme Events versions <= 1.2.8...

CVSS 8.1 | AI score 6.8 | EPSS 0.00158
Exploits: 0 | Affected Software: 1