22 matches found
WordPress WP Statistics plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Settings Update vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Statistics versions = 14.13.3...
WordPress Element Pack Elementor Addons plugin <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions = 5.10.29...
WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin AnalyticsWP versions = 2.1.2...
WordPress Master Slider plugin <= 3.11.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Master Slider versions = 3.11.0...
WordPress HelpGent plugin <= 2.2.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin HelpGent versions = 2.2.5...
WordPress Betheme Theme <= 28.0.3 is vulnerable to Cross Site Scripting (XSS)
Software Betheme Type Theme Vulnerable versions = 28.0.3 Fixed in 28.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-3077 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7b297a9d938e Credits Webbernaut Required privilege...
WordPress WooCommerce Loyal Customers plugin <= 2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika in WordPress Plugin WooCommerce Loyal Customers versions = 2.6...
WordPress Web2application Plugin <= 6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Web2application versions = 6.1...
WordPress Industrial Lite Theme <= 1.0.8 is vulnerable to Broken Access Control
Software Industrial Lite Type Theme Vulnerable versions = 1.0.8 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-26955 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1a08c3e67c74 Credits Mika Required privilege Subscrib...
WordPress Accredible Certificates & Open Badges plugin <= 1.4.9 - Authenticated (Administrator+) SQL Injection via orderby Parameter vulnerability
Authenticated Administrator+ SQL Injection via orderby Parameter vulnerability discovered by oncybersec in WordPress Plugin Accredible Certificates & Open Badges versions = 1.4.9...
WordPress Lock Your Updates Plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Lock Your Updates versions = 1.1...
WordPress ZoomSounds plugin <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin ZoomSounds versions = 6.91...
WordPress UltraAddons – Elementor Addons plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin UltraAddons Elementor Lite versions = 2.0.2...
WordPress StaffList plugin <= 3.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Anhchangmutrang in WordPress Plugin StaffList versions = 3.2.7...
WordPress Arkhe Blocks plugin <= 2.27.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Arkhe Blocks versions = 2.27.1...
WordPress Posts Footer Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by timomangcut in WordPress Plugin Posts Footer Manager versions = 2.2.0...
WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Wptobe-signinup versions = 1.1.2...
WordPress MyBookProgress by Stormhill Media plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Abdi Pranata Patchstack Alliance in WordPress Plugin MyBookProgress by Stormhill Media versions = 1.0.8...
WordPress Modula Image Gallery plugin <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Modula Image Gallery versions = 2.10.1...
WordPress Calculated Fields Form plugin < 5.2.64 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Calculated Fields Form versions 5.2.64...