WordPress Celestial Aura Theme <= 2.2 is vulnerable to Arbitrary File Upload

Software Celestial Aura Type Theme Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Upload CVE CVE-2025-26892 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 6836679a2db2 Credits stealthcopter Required privilege...

WordPress WP Project Manager plugin <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin WP Project Manager versions = 2.6.22...

WordPress Kargo Entegratör plugin <= 1.1.14 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Kargo Entegratör versions = 1.1.14...

WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin InPost Gallery versions = 2.1.4.3...

WordPress WP Easy Poll Plugin <= 2.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin WP Easy Poll versions = 2.2.9...

WordPress SMTP for Amazon SES – YaySMTP plugin <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs vulnerability

Unauthenticated Stored Cross-Site Scripting via Email Logs vulnerability discovered by zer0gh0st in WordPress Plugin SMTP for Amazon SES versions = 1.8...

WordPress Raptive Ads plugin <= 3.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Parasimpaticki in WordPress Plugin Raptive Ads versions = 3.7.3...

WordPress License Manager for WooCommerce plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin License Manager for WooCommerce versions = 3.0.9...

WordPress Wallet System for WooCommerce plugin <= 2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wallet System for WooCommerce versions = 2.6.8...

WordPress License For Envato Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin License For Envato versions = 1.0.0...

WordPress WordPress Health and Server Condition plugin <= 4.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin WordPress Health and Server Condition – Integrated with Google Page Speed versions = 4.1.1...

WordPress Deliver via Shipos for WooCommerce Plugin <= 2.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Deliver via Shipos for WooCommerce versions = 2.1.7...

WordPress Sync Posts Plugin <= 1.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Sync Posts versions = 1.0...

WordPress Oppso Unit Converter plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin Oppso Unit Converter versions = 1.1.1...

WordPress WP Food ordering and Restaurant Menu plugin <= 1.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by theviper17 in WordPress Plugin WP Food ordering and Restaurant Menu versions = 1.1...

WordPress YouTube Embed plugin <= 5.3.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abhinav Porwal in WordPress Plugin YouTube Embed versions = 5.3.1...

WordPress Woo Product Feed For Marketing Channels plugin <= 1.9.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by theviper17 in WordPress Plugin Woo Product Feed For Marketing Channels versions = 1.9.0...

WordPress Waymark plugin <= 1.5.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin Waymark versions = 1.5.3...

WordPress WooCommerce – Store Exporter plugin <= 2.7.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Store Exporter versions = 2.7.4...

WordPress MyWorks WooCommerce Sync for QuickBooks Online plugin <= 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin MyWorks WooCommerce Sync for QuickBooks Online versions = 2.9.1...