WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Wishlist for WooCommerce versions = 3.3.0...

WordPress teachPress plugin <= 9.0.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin teachPress versions = 9.0.12...

WordPress Pinpoll plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Pinpoll versions = 4.0.0...

WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin e-shops versions = 1.0.4...

WordPress Strong Testimonials plugin <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update vulnerability

Missing Authorization to Authenticated Contributor+ Rating Meta Update vulnerability discovered by type5afe in WordPress Plugin Strong Testimonials versions = 3.2.18...

WordPress Lucky Wheel for WooCommerce – Spin a Sale plugin <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional Tags vulnerability

Authenticated Administrator+ PHP Code Injection via Conditional Tags vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel for WooCommerce – Spin a Sale versions = 1.1.13...

WordPress JetTabs plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetTabs versions = 2.2.12...

WordPress JetTabs plugin <= 2.2.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin JetTabs versions = 2.2.12...

WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetSearch versions = 3.5.16...

WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin JetBlog versions = 2.4.7...

WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Bonds in WordPress Plugin JetPopup versions = 2.0.20.1...

WordPress JetElements For Elementor plugin <= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin JetElements For Elementor versions = 2.7.12.2...

WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin JetEngine versions = 3.8.1.1...

WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin WpStream versions = 4.9.5...

WordPress Menu In Post plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Menu In Post versions = 1.4.1...

WordPress Civic Cookie Control plugin <= 1.53 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Civic Cookie Control versions = 1.53...

WordPress Carousel Horizontal Posts Content Slider plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Carousel Horizontal Posts Content Slider versions = 3.3.2...

WordPress Auto Listings plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Auto Listings versions = 2.7.1...

WordPress Academy LMS plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Academy LMS versions = 3.4.0...

WordPress Combo Offers WooCommerce plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Combo Offers WooCommerce versions = 4.2...

WordPress Blog Filter plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Blog Filter versions = 1.7.3...

WordPress FiveStar theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FiveStar versions = 1.7...

WordPress Arcane theme <= 3.6.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Arcane versions = 3.6.6...

WordPress Backpack Traveler theme <= 2.10.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Backpack Traveler versions = 2.10.3...

WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Struktur versions = 2.5.1...

WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin WpStream versions = 4.9.5...

WordPress PRIMER by chloédigital plugin <= 1.0.25 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin PRIMER by chloédigital versions = 1.0.25...

WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Visitor Stats Widget versions = 1.5.0...

WordPress Plugin Organizer plugin < 10.2.4 - Subscriber+ SQLi vulnerability

Subscriber+ SQLi vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Plugin Organizer versions 10.2.4...

WordPress YaMaps plugin < 0.6.40 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin YaMaps for WordPress versions 0.6.40...

WordPress weForms plugin <= 1.6.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin weForms versions = 1.6.25...

WordPress GLS Shipping for WooCommerce plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k in WordPress Plugin GLS Shipping for WooCommerce versions = 1.4.0...

WordPress Netgsm plugin <= 2.9.63 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k in WordPress Plugin Netgsm versions = 2.9.63...

WordPress WP App Bar plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP App Bar versions = 1.5...

WordPress Product Delivery Date for WooCommerce – Lite plugin <= 3.2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Product Delivery Date for WooCommerce – Lite versions = 3.2.0...

WordPress Flaming Password Reset plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Flaming Password Reset versions = 1.0.3...

WordPress Wallet System for WooCommerce plugin <= 2.7.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Denver Jackson in WordPress Plugin Wallet System for WooCommerce versions = 2.7.3...

WordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Slider Templates versions = 1.0.3...

WordPress Scroll rss excerpt plugin <= 5.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Scroll rss excerpt versions = 5.0...

WordPress PopupKit plugin <= 2.2.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin PopupKit versions = 2.2.3...

WordPress Poptics plugin <= 1.0.20 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Poptics versions = 1.0.20...

WordPress BizPrint plugin <= 4.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin BizPrint versions = 4.6.7...

WordPress Advanced Ads plugin <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode vulnerability

Authenticated Editor+ Remote Code Execution via Shortcode vulnerability discovered by NosleeP++ in WordPress Plugin Advanced Ads versions = 2.0.14...

WordPress PixelYourSite plugin <= 11.1.5 - Sensitive Information Exposure via Log File vulnerability

Sensitive Information Exposure via Log File vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.1.5...

WordPress Discussion Board plugin <= 2.5.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Discussion Board versions = 2.5.7...

WordPress HR Management Lite plugin <= 3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin HR Management Lite versions = 3.6...

WordPress Popup box plugin <= 6.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.7...

WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin H5P versions = 1.16.1...

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fana versions = 1.1.35...

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Software : Fana Type : Theme Vulnerable versions : = 1.1.35 Fixed in : 1.1.36 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68540 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : 1370613da8d7...