WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Grand Blog versions < 3.1.5...
WordPress Dolcino theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Dolcino versions <= 1.6...
WordPress Justicia theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Justicia versions <= 1.2...
WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Roam versions <= 2.1.1...
WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Overton versions <= 1.3...
WordPress Innovio theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Innovio versions <= 1.7...
WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions <= 3.9.4...
WordPress VidMov theme <= 2.3.8 - Path Traversal vulnerability
Software : VidMov Type : Theme Vulnerable versions : <= 2.3.8 Fixed in : 2.3.9 OWASP Top 10 : A1: Broken Access Control Classification : Path Traversal CVE ID : CVE-2025-67914 Patchstack priority : High CVSS severity : 7.7 Required privilege : Subscriber Developer : Claim ownership PSID :...
WordPress VidMov theme <= 2.3.8 - Path Traversal vulnerability
Path Traversal vulnerability discovered by Denver Jackson in WordPress Theme VidMov versions <= 2.3.8...
WordPress Five Star Restaurant Reservations plugin <= 2.7.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by daroo in WordPress Plugin Five Star Restaurant Reservations versions <= 2.7.4...
WordPress Shopbuilder plugin < 3.2.2 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Gregory Allegoet in WordPress Plugin ShopBuilder – Elementor WooCommerce Builder Addons versions < 3.2.2...
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Branda versions <= 3.4.24...
WordPress Logo Slider plugin < 4.9.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Logo Slider versions < 4.9.0...
WordPress WPBookit plugin <= 1.0.7 - Customer Deletion via CSRF vulnerability
Customer Deletion via CSRF vulnerability discovered by Drtime in WordPress Plugin WPBookit versions <= 1.0.7...
WordPress WP User Frontend plugin <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by shark3y in WordPress Plugin WP User Frontend versions <= 4.2.4...
WordPress Bookory theme <= 2.2.7 - Local File Inclusion vulnerability
Software : Bookory Type : Theme Vulnerable versions : <= 2.2.7 Fixed in : 2.2.8 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68530 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : 314b30db47fa...
WordPress Bookory theme <= 2.2.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Bookory versions <= 2.2.7...
WordPress Triply theme <= 2.4.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Triply versions <= 2.4.7...
WordPress Freshio theme <= 2.4.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Freshio versions <= 2.4.2...
WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Airtifact versions <= 1.2.91...
WordPress Calafate theme <= 1.7.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Calafate versions <= 1.7.7...
WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Holmes versions <= 1.7...
WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fleur versions <= 2.0...
WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fiorello versions <= 1.0...
WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Curly versions <= 3.3...
WordPress Cocco theme <= 1.5.1 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cocco versions <= 1.5.1...
WordPress Owl Carousel WP plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by NumeX in WordPress Plugin Owl Carousel WP versions <= 2.2.2...
WordPress Aruba HiSpeed Cache plugin < 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Aruba HiSpeed Cache versions < 3.0.3...
WordPress FreeAgent theme <= 2.1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FreeAgent versions <= 2.1.2...
WordPress FreeAgent theme <= 2.1.2 - Local File Inclusion vulnerability
Software : FreeAgent Type : Theme Vulnerable versions : <= 2.1.2 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69087 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 3c336586e5ba Credits :...
WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability
Software : Issabella Type : Theme Vulnerable versions : <= 1.1.2 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69086 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 1e3ff6a668aa Credits :...
WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Issabella versions <= 1.1.2...
WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability
Software : Frappé Type : Theme Vulnerable versions : <= 1.8 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69083 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 5c47b6166cd2 Credits : Tran...
WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Frappé versions <= 1.8...
WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hope versions <= 3.0.0...
WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability
Software : Hope Type : Theme Vulnerable versions : <= 3.0.0 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69081 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : ThemeREX Group PSID : eff7033e0272 Credits : Tran...
WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gecko versions <= 1.9.8...
WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability
Software : Gecko Type : Theme Vulnerable versions : <= 1.9.8 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69080 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 0d458b5a65e6 Credits : Tran...
WordPress Comments - wpDiscuz plugin < 7.6.40 - Unauthenticated Account Takeover vulnerability
WordPress Comments - wpDiscuz plugin < 7.6.40 - Unauthenticated Account Takeover vulnerability discovered by wcraft in WordPress Plugin wpDiscuz versions < 7.6.40...
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions <= 7.35...
WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions <= 1.0.3...
WordPress User Submitted Posts plugin <= 20251121 - Open Redirection vulnerability
Open Redirection vulnerability discovered by benzdeus in WordPress Plugin User Submitted Posts versions <= 20251121...
WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Worker for Elementor versions <= 1.0.10...
WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Logger for Elementor versions <= 1.0.9...
WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Worker for WPBakery versions <= 1.1.1...
WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin Conformer for Elementor versions <= 1.0.7...
WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Appender versions <= 1.1.1...
WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin UnGrabber versions <= 3.1.3...
WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Countdowner for Elementor versions <= 1.0.4...
WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Criptopayer for Elementor versions <= 1.0.1...