46618 matches found
WordPress Hotel Listing plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Hotel Listing versions = 1.4.0...
WordPress Super Logos Showcase plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Super Logos Showcase versions = 2.8...
WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Universal Video Player versions = 3.8.4...
WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Software : Consulting Type : Theme Vulnerable versions : = 1.5.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-63032 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : d51407236b71 Credits :...
WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Consulting versions = 1.5.0...
WordPress Zoho ZeptoMail plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Zoho ZeptoMail versions = 3.3.1...
WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Melos versions = 1.6.0...
WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Software : Melos Type : Theme Vulnerable versions : = 1.6.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62136 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : c0fa8aca5616 Credits : Peter...
WordPress Everest Backup plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Everest Backup versions = 2.3.9...
WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Shuttle versions = 1.5.0...
WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
Software : Shuttle Type : Theme Vulnerable versions : = 1.5.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62137 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : af47e07068e3 Credits : Pet...
WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Funnelforms Free versions = 3.8...
WordPress Series plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Series versions = 2.0.1...
WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BuddyPress Activity Shortcode versions = 1.1.8...
WordPress Sermon Manager plugin <= 2.30.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Sermon Manager versions = 2.30.0...
WordPress MX Time Zone Clocks plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin MX Time Zone Clocks versions = 5.1.1...
WordPress WordPress Tooltips plugin <= 10.9.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin WordPress Tooltips versions = 10.9.3...
WordPress Knowledge Base documentation & wiki plugin – BasePress plugin <= 2.17.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Knowledge Base documentation & wiki plugin – BasePress versions = 2.17.0.1...
WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin ListingPro Reviews versions 2.9.11...
WordPress Knowband Mobile App Builder for wooCommerce plugin < 3.0.0 - Unauthenticated Arbitrary User Deletion vulnerability
Unauthenticated Arbitrary User Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Knowband Mobile App Builder versions 3.0.0...
WordPress Ultimate Post Kit plugin < 4.0.16 - Unauthenticated Arbitrary Post Content Disclosure vulnerability
Unauthenticated Arbitrary Post Content Disclosure vulnerability discovered by Drtime in WordPress Plugin Ultimate Post Kit versions 4.0.16...
WordPress WP Email Capture plugin <= 3.12.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Arif Shaikh in WordPress Plugin WP Email Capture versions = 3.12.5...
WordPress Custom Style plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Custom Style versions = 1.0...
WordPress Noindex by Path plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Noindex by Path versions = 1.0...
WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Skalucy in WordPress Plugin Custom Post Status versions = 1.1.0...
WordPress Recent Posts From Each Category plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Recent Posts From Each Category versions = 1.4...
WordPress Social Profilr plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Social Profilr versions = 1.0...
WordPress SensitiveTagCloud plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin SensitiveTagCloud versions = 1.4.1...
WordPress WP-EasyArchives plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin WP-EasyArchives versions = 3.1.2...
WordPress Simple Archive Generator plugin <= 5.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Simple Archive Generator versions = 5.2...
WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Behance Portfolio Manager versions = 1.7.5...
WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions 4.7.2...
WordPress AHAthat Plugin plugin <= 1.6 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Régis SENET in WordPress Plugin AHAthat versions = 1.6...
WordPress Wishlist plugin <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Wishlist versions = 1.0.43...
WordPress URL Image Importer plugin <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin URL Image Importer versions 1.0-1.0.6...
WordPress Auto Thickbox plugin <= 3.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Auto Thickbox versions = 3.5...
WordPress Solidres plugin <= 0.9.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Solidres – Hotel booking plugin versions = 0.9.4...
WordPress Qi Blocks plugin < 1.4 - Contributor+ Stored XSS vi Countdown Block vulnerability
Contributor+ Stored XSS vi Countdown Block vulnerability discovered by Krugov Artyom in WordPress Plugin Qi Blocks versions 1.4...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore vulnerability
Missing Authorization to Authenticated Subscriber+ Ticket Restore vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.1...
WordPress IDonate plugin 2.0.0 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via admin_donor_profile_view Function vulnerability
WordPress IDonate plugin 2.0.0 - 2.1.9 - Missing Authorization to Authenticated Subscriber+ Sensitive Information Disclosure via admindonorprofileview Function vulnerability discovered by kr0d in WordPress Plugin IDonate versions 2.0.0-2.1.9...
WordPress Sermon Manager plugin <= 2.30.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Sermon Manager versions = 2.30.0...
WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update vulnerability
Missing Authorization To Authenticated Subscriber+ Brand Permalink Settings Update vulnerability discovered by WordFence in WordPress Plugin Premmerce Brands for WooCommerce versions = 1.2.13...
WordPress LazyTasks plugin <= 1.2.29 - Missing Authorization to Uanuthenticated Privilege Escalation vulnerability
Missing Authorization to Uanuthenticated Privilege Escalation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin LazyTasks versions = 1.2.29...
WordPress Relevanssi <= 4.24.5 - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights vulnerability
Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights vulnerability discovered by Jack Taylor in WordPress Plugin Relevanssi versions = 4.24.5...
WordPress ElementsKit Elementor Addons and Templates plugin <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Custom Widget vulnerability discovered by Hardik Raval in WordPress Plugin ElementsKit Elementor addons Lite versions = 3.5.2...
WordPress BlossomThemes Social Feed plugin <= 2.0.5 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin BlossomThemes Social Feed versions = 2.0.5...
WordPress Starter Templates by FancyWP plugin <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Starter Templates by FancyWP versions = 2.0.0...
WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Simplebooklet PDF Viewer and Embedder versions = 1.1.2...
WordPress GDPR Cookie Compliance plugin < 4.15.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GDPR Cookie Compliance versions 4.15.7...
WordPress GoZen Forms plugin <= 1.1.5 - Unauthenticated SQL Injection via emdedSc() vulnerability
Unauthenticated SQL Injection via emdedSc vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin GoZen Forms versions = 1.1.5...