5093 matches found
WordPress Wigi Theme <= 2.0.1 is vulnerable to Arbitrary File Upload
Software: Wigi; Type: Theme; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Upload; CVE: CVE-2025-30996; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: a3f5b750c9b1; Credits: Tran Nguyen Bao Khanh VCI - VNPT...
WordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin Residential Address Detection versions <= 2.5.4...
WordPress WooTumblog plugin <= 2.1.4 - Content Injection vulnerability
Content Injection vulnerability discovered by Mika in WordPress Plugin WooTumblog versions <= 2.1.4...
WordPress Shopify to WooCommerce Migration plugin <= 1.3.0 - Settings Change vulnerability
Settings Change vulnerability discovered by Mika in WordPress Plugin Shopify to WooCommerce Migration versions <= 1.3.0...
WordPress MediaView plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin MediaView versions <= 1.1.2...
WordPress Videos plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Videos versions <= 1.0.5...
WordPress Snow Storm plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Snow Storm versions <= 1.4.6...
WordPress wpForo Forum plugin <= 2.4.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Revan Arifio Patchstack Alliance in WordPress Plugin wpForo Forum versions <= 2.4.2...
WordPress Tainá Theme <= 0.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Tainá; Type: Theme; Vulnerable versions: <= 0.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2025-26919; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: a778dbe8c9a1; Credits: stealthcopter; Required privilege: Subscriber...
WordPress Tiger Theme <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Tiger; Type: Theme; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2025-31027; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 0311e02b1ff6; Credits: Mika; Required privilege: Unauthenticated; Publish...
WordPress Gravel Theme <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Gravel; Type: Theme; Vulnerable versions: <= 1.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2025-31418; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 8d65d0e5dbda; Credits: Mika; Required privilege: Unauthenticated...
WordPress Advanced Search by My Solr Server plugin <= 2.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Advanced Search by My Solr Server versions <= 2.0.5...
WordPress Material Dashboard plugin <= 1.4.5 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Material Dashboard versions <= 1.4.5...
WordPress WordPress Galleria plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin WordPress Galleria versions <= 1.4...
WordPress Order Splitter for WooCommerce plugin <= 5.3.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by LVT-tholv2k in WordPress Plugin Order Splitter for WooCommerce versions <= 5.3.0...
WordPress Product Table by WBW plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Product Table by WBW versions <= 2.1.4...
WordPress DigiWidgets Image Editor plugin <= 1.10 - Remote Code Execution (RCE) Vulnerability
Remote Code Execution RCE Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin DigiWidgets Image Editor versions <= 1.10...
WordPress Countdown & Clock plugin <= 2.8.8 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by astra.r3verii in WordPress Plugin Countdown & Clock versions <= 2.8.8...
WordPress Watu Quiz plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) Vulnerability
Reflected Cross Site Scripting XSS Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Watu Quiz versions <= 3.4.2...
WordPress Hyperlink Group Block plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Hyperlink Group Block versions <= 2.0.1...