WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Strong Testimonials versions = 3.2.20...

WordPress Astra Widgets plugin <= 1.2.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by benzdeus in WordPress Plugin Astra Widgets versions = 1.2.16...

WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Arif Shaikh in WordPress Plugin Theater for WordPress versions = 0.19...

WordPress Newsletters plugin <= 4.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Newsletters versions = 4.12...

WordPress FlippingBook plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FlippingBook versions = 2.0.1...

WordPress Web Directory Free plugin <= 1.7.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Web Directory Free versions = 1.7.12...

WordPress WC Builder plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin WC Builder versions = 1.2.0...

WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Zota versions = 1.3.14...

WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability

Software : Zota Type : Theme Vulnerable versions : = 1.3.14 Fixed in : 1.3.15 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68537 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : 058fe19104cc...

WordPress RestroPress plugin <= 3.2.4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin RestroPress versions = 3.2.4.2...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.15...

WordPress Crowdsignal Forms plugin <= 1.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Crowdsignal Forms versions = 1.7.2...

WordPress Youzify plugin <= 1.3.6 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by NumeX in WordPress Plugin Youzify versions = 1.3.6...

WordPress Stratum plugin <= 1.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin Stratum versions = 1.6.1...

WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Event Organiser versions = 3.12.8...

WordPress Bold Timeline Lite plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Bold Timeline Lite versions = 1.2.7...

WordPress Cool Tag Cloud plugin <= 2.29 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Cool Tag Cloud versions = 2.29...

WordPress Themebeez Toolkit plugin <= 1.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Themebeez Toolkit versions = 1.3.5...

WordPress Brands for WooCommerce plugin <= 3.8.6.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Brands for WooCommerce versions = 3.8.6.3...

WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Invelity SPS connect versions = 1.0.8...

WordPress Medicalequipment theme <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Medicalequipment versions = 1.0.9...

WordPress CedCommerce Integration for Good Market plugin <= 1.0.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CedCommerce Integration for Good Market versions = 1.0.6...

WordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Mobile builder versions = 1.4.2...

WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin CubeWP versions = 1.1.27...

WordPress Inboxify Sign Up Form plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Inboxify Sign Up Form versions = 1.0.4...

WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...

WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Advanced Custom CSS versions = 1.1.0...

WordPress AM Events plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin AM Events versions = 1.13.1...

WordPress Booking Ultra Pro plugin <= 1.1.23 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Denver Jackson in WordPress Plugin Booking Ultra Pro versions = 1.1.23...

WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin WP Project Manager versions = 3.0.1...

WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Heateor Social Login versions = 1.1.39...

WordPress WP Document Revisions plugin <= 3.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Document Revisions versions = 3.7.2...

WordPress Vimeotheque plugin <= 2.3.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Vimeotheque versions = 2.3.5.2...

WordPress Fast User Switching plugin <= 1.4.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Fast User Switching versions = 1.4.10...

WordPress Category Icon plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Category Icon versions = 1.0.2...

WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Funnelforms Free versions = 3.8...

WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tabulra in WordPress Plugin Photo Gallery by 10Web versions = 1.8.38...

WordPress Simple File List plugin <= 6.1.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Simple File List versions = 6.1.18...

WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Userpro versions = 5.1.9...

WordPress WpEvently plugin <= 5.0.8 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WpEvently versions = 5.0.8...

WordPress Frontend Post Submission Manager Lite plugin <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Incorrect Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend Post Submission Manager Lite versions = 1.2.6...

WordPress Plugin Optimizer plugin <= 1.3.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Plugin Optimizer versions = 1.3.7...

WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions = 1.0.0...

WordPress Wp Text Slider Widget plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Wp Text Slider Widget versions = 1.0...

WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Testimonial Slider versions = 2.0.15...

WordPress Content Grid Slider plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Content Grid Slider versions = 1.5...

WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Doan Dinh Van in WordPress Plugin wpDiscuz versions = 7.6.43...

WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by mcdruid in WordPress Plugin IF AS Shortcode versions = 1.2...

WordPress Contentstudio plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Contentstudio versions = 1.3.7...

WordPress Custom Related Posts plugin <= 1.8.0 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin Custom Related Posts versions = 1.8.0...