1261 matches found
WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Block Slider versions <= 2.2.3...
WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin Conformer for Elementor versions <= 1.0.7...
WordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Watcher for Elementor versions <= 1.0.9...
WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Maximum Products per User for WooCommerce versions <= 4.4.3...
WordPress Web Directory Free plugin <= 1.7.12 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Web Directory Free versions <= 1.7.12...
WordPress WPBulky plugin <= 1.1.13 - SQL Injection vulnerability
SQL Injection vulnerability discovered by benzdeus in WordPress Plugin WPBulky versions <= 1.1.13...
WordPress Enter Addons plugin <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Enter Addons versions <= 2.2.7...
WordPress Better Find and Replace plugin <= 1.7.7 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Adrian Lukita in WordPress Plugin Better Find and Replace versions <= 1.7.7...
WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund vulnerability discovered by Powpy in WordPress Plugin Flexible Refund and Return Order for WooCommerce versions <= 1.0.38...
WordPress Memberlite Shortcodes plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress Plugin Memberlite Shortcodes versions <= 1.4.1...
WordPress Stackable Plugin <= 3.18.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Abu Hurayra in WordPress Plugin Stackable versions <= 3.18.1...
WordPress Accordion Plugin <= 2.3.15 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Abu Hurayra in WordPress Plugin Accordion versions <= 2.3.15...
WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Legion Hunter in WordPress Plugin Payrexx Payment Gateway for WooCommerce versions <= 3.1.5...
WordPress Pie Calendar Plugin <= 1.2.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Pie Calendar versions <= 1.2.8...
WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Classified Listing versions <= 5.0.6...
WordPress Spacious Theme <= 1.9.11 is vulnerable to Broken Access Control
Software: Spacious; Type: Theme; Vulnerable versions: <= 1.9.11; Fixed in: 1.9.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-9331; Patch priority: Low; CVSS severity: Low (4.3); PSID: bca30fd3c674; Credits: Dmitrii Ignatyev; Required privilege...
WordPress bxSlider integration for WordPress plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin bxSlider integration for WordPress versions <= 1.7.2...
WordPress Bible SuperSearch plugin <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Bible SuperSearch versions <= 6.0.1...
WordPress Sala Theme <= 1.1.6 is vulnerable to Local File Inclusion
Software: Sala; Type: Theme; Vulnerable versions: <= 1.1.6; Fixed in: 1.1.7; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-54709; Patch priority: High; CVSS severity: High (8.1); PSID: 734caf3a58cf; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
CVE-2025-49557
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker...