WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Responsive Posts Carousel Pro versions = 15.1...

WordPress GravityForms plugin < 2.9.23.1 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Marc Montpas in WordPress Plugin Gravity Forms versions 2.9.23.1...

WordPress Accept Donations with PayPal plugin <= 1.5.2 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Legion Hunter in WordPress Plugin Accept Donations with PayPal & Stripe versions = 1.5.2...

WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin My Sticky Elements versions = 2.3.3...

WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Offensive Labs in WordPress Plugin Integration for Contact Form 7 HubSpot versions = 1.4.2...

WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin YITH Slider for page builders versions = 1.0.11...

WordPress Advanced Classifieds & Directory Pro plugin <= 3.2.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Advanced Classifieds & Directory Pro versions = 3.2.9...

WordPress Five Star Restaurant Reservations plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by benzdeus in WordPress Plugin Five Star Restaurant Reservations versions = 2.7.8...

WordPress Car Rental Manager plugin <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin Car Rental Manager versions = 1.0.9...

WordPress Docket Cache plugin <= 24.07.03 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Docket Cache versions = 24.07.03...

WordPress MapSVG plugin <= 8.7.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter in WordPress Plugin MapSVG versions = 8.7.3...

WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by timomangcut in WordPress Plugin Membership For WooCommerce versions = 3.0.3...

WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Subscribe to Unlock Lite versions = 1.3.0...

WordPress URL Shortify plugin <= 1.11.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Gregory Allegoet in WordPress Plugin URL Shortify versions = 1.11.3...

WordPress URL Shortify plugin <= 1.11.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Nguyễn Đức Toàn in WordPress Plugin URL Shortify versions = 1.11.2...

WordPress Overstock Affiliate Links plugin <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Overstock Affiliate Links versions = 1.1...

WordPress Gift Hunt plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LIM MINHYOEK in WordPress Plugin Gift Hunt versions = 2.0.2...

WordPress Link Library plugin <= 7.8.7 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Krissaphat Jankaew in WordPress Plugin Link Library versions = 7.8.7...

WordPress BBP Core plugin <= 1.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin BBP Core versions = 1.4.1...

WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by WordFence in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions = 5.8.0...

WordPress PhastPress plugin <= 3.7 - Unauthenticated Arbitrary File Read via Null Byte Injection vulnerability

Unauthenticated Arbitrary File Read via Null Byte Injection vulnerability discovered by shark3y in WordPress Plugin PhastPress versions = 3.7...

WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin SALESmanago versions = 3.9.0...

WordPress Ocean Modal Window plugin < 2.3.3 - Editor+ Remote Code Execution vulnerability

Editor+ Remote Code Execution vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Ocean Modal Window versions 2.3.3...

WordPress WP Hallo Welt plugin <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin WP Hallo Welt versions = 1.4...

WordPress Attachments Handler plugin <= 1.1.7 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Attachments Handler versions = 1.1.7...

WordPress Flex Store Users plugin <= 1.1.0 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Plugin Flex Store Users versions = 1.1.0...

WordPress File Uploader for WooCommerce plugin <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data vulnerability

Unauthenticated Arbitrary File Upload via add-image-data vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin File Uploader for WooCommerce versions = 1.0.3...

WordPress Cooked plugin <= 1.11.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cooked versions = 1.11.3...

WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Coming Soon Page, Under Construction & Maintenance Mode by SeedProd versions = 6.19.8...

WordPress Custom Field Template plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Custom Field Template versions = 2.7.7...

WordPress WP JobHunt plugin <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference vulnerability

Authenticated Candidate+ Insecure Direct Object Reference vulnerability discovered by meghnine islem - CYBEARS in WordPress Plugin WP JobHunt versions = 7.7...

WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability

Cross Site Request Forgery CSRF to Account Takeover vulnerability discovered by 0xd4rk5id3 in WordPress Theme WordPress Dating Theme versions = 11.2.0...

WordPress WP JobHunt plugin <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status' vulnerability

Missing Authorization to Authenticated Candidate+ Stored Cross-Site Scripting via 'status' vulnerability discovered by meghnine islem - CYBEARS in WordPress Plugin WP JobHunt versions = 7.7...

WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by mcdruid in WordPress Plugin GiveWP versions = 4.13.1...

WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Brave versions = 0.8.3...

WordPress Product Loops for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Product Loops for WooCommerce versions = 2.1.2...

WordPress Share, Print and PDF Products for WooCommerce plugin <= 3.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Share, Print and PDF Products for WooCommerce versions = 3.1.2...

WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nika versions = 1.2.14...

WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Software : Nika Type : Theme Vulnerable versions : = 1.2.14 Fixed in : 1.2.15 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68546 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : c4d1fd5c314f...

WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Diza versions = 1.3.15...

WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability

Software : Diza Type : Theme Vulnerable versions : = 1.3.15 Fixed in : 1.3.16 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68544 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : f639a1eb5493...

WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Responsive Posts Carousel Pro versions = 15.2...

WordPress WPBulky plugin <= 1.1.13 - SQL Injection vulnerability

SQL Injection vulnerability discovered by benzdeus in WordPress Plugin WPBulky versions = 1.1.13...

WordPress VPSUForm plugin <= 3.2.24 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jitlada in WordPress Plugin VPSUForm versions = 3.2.24...

WordPress HAPPY plugin <= 1.0.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin HAPPY versions = 1.0.9...

WordPress Chakra test plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Chakra test versions = 1.0.1...

WordPress Widgets for Social Photo Feed plugin <= 1.7.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Widgets for Social Photo Feed versions = 1.7.8...

WordPress Beaver Builder – WordPress Page Builder plugin <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Beaver Builder versions = 2.9.4.1...

WordPress WooMulti plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin WooMulti versions = 1.7...

WordPress Happy Addons for Elementor plugin <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom JS vulnerability discovered by zer0gh0st in WordPress Plugin Happy Addons for Elementor versions = 3.20.3...