45960 matches found
WordPress Arconix Shortcodes plugin <= 2.1.18 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Arconix Shortcodes versions <= 2.1.18...
WordPress I Order Terms plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin I Order Terms versions <= 1.5.0...
WordPress NS Maintenance Mode for WP plugin <= 1.3.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin NS Maintenance Mode for WP versions <= 1.3.1...
WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin K Elements versions < 5.5.0...
WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kleo versions < 5.5.0...
WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Jannah - Extensions versions <= 1.1.4...
WordPress AppPresser plugin <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure vulnerability
Missing Authorization to Unauthenticated Limited Sensitive Information Exposure vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin AppPresser versions <= 4.5.0...
WordPress Weglot Translate plugin <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion vulnerability
Missing Authorization to Unauthenticated Limited Transient Deletion vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Weglot Translate versions <= 5.1...
WordPress Site Checkup AI Troubleshooting with Wizard and Tips for Each Issue plugin <= 1.47 - Unauthenticated Log File Poisoning vulnerability
Unauthenticated Log File Poisoning vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Site Checkup versions <= 1.47...
WordPress Kleo Theme < 5.5.0 is vulnerable to Local File Inclusion
Software: Kleo; Type: Theme; Vulnerable versions: < 5.5.0; Fixed in: 5.5.0; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2025-64363; Patch priority: Low; CVSS severity: Low 7.5; Developer: EPC; PSID: 1d3d5f3ae51e; Credits: João Pedro S Alcântara Kinorth; Required privilege...
WordPress SmartMag Theme <= 10.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: SmartMag; Type: Theme; Vulnerable versions: <= 10.3.1; Fixed in: 10.3.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2025-64204; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 6a240fc7988d; Credits: João Pedro S Alcântara Kinorth; Required...
WordPress Masterstudy Theme < 4.8.126 is vulnerable to Local File Inclusion
Software: Masterstudy; Type: Theme; Vulnerable versions: < 4.8.126; Fixed in: 4.8.126; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2025-64364; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: c61c79de05c6; Credits: João Pedro S Alcântara Kinorth...
WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jannah versions <= 7.6.0...
WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Debug Log Viewer versions <= 2.0.3...
WordPress Simple Payment plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by ? in WordPress Plugin Simple Payment versions <= 2.4.6...
WordPress PDF Creator Lite plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin PDF Creator Lite versions <= 1.2...
WordPress Simple Payment plugin <= 2.4.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by ? in WordPress Plugin Simple Payment versions <= 2.4.6...
WordPress WooCommerce plugin <= 7.8.2 - Sensitive Information Exposure vulnerability
Sensitive Information Exposure vulnerability discovered by osama-hamad in WordPress Plugin WooCommerce versions <= 7.8.2...
WordPress Doppler Forms plugin < 2.6.0 - Subscriber+ Limited Plugin Installation vulnerability
Subscriber+ Limited Plugin Installation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Doppler Forms versions < 2.6.0...
WordPress Call Now Button plugin <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions vulnerability
Authenticated Subscriber+ Missing Authorization to Multiple Functions vulnerability discovered by Jamiryoo in WordPress Plugin Call Now Button versions <= 1.5.4...
WordPress Call Now Button plugin <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Settings Update vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Call Now Button versions <= 1.5.3...
WordPress LiteSpeed Cache plugin <= 7.5.0.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Nicholas Giemsa in WordPress Plugin LiteSpeed Cache versions <= 7.5.0.1...
WordPress Easy Testimonial Slider and Form plugin <= 1.0.2 - Authenticated (Admin+) SQL injection vulnerability
Authenticated Admin+ SQL injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Easy Testimonial Slider and Form versions <= 1.0.2...
WordPress Thumbnail Slider With Lightbox plugin <= 1.0.4 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Thumbnail Slider With Lightbox versions <= 1.0.4...
WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jannah versions <= 7.6.0...
WordPress Ninja Popups plugin <= 4.7.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ninja Popups versions <= 4.7.8...
WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EventON versions <= 4.9.12...
WordPress Jannah theme <= 7.6.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jannah versions <= 7.6.0...
WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by savphill in WordPress Plugin WooCommerce versions <= 10.0.2...
WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin Easy Invoice versions <= 2.0.9...
WordPress Facebook for WooCommerce plugin <= 3.5.7 - Broken Access Control to Notice Dismissal vulnerability
Broken Access Control to Notice Dismissal vulnerability discovered by Legion Hunter in WordPress Plugin Facebook for WooCommerce versions <= 3.5.7...
WordPress Popup box plugin <= 5.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by ch4r0n in WordPress Plugin Popup box versions <= 5.5.4...
Drupal Simple OAuth (OAuth2) & OpenID Connect module 6.0.0-6.0.6 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by coffeemakr in WordPress Module Simple OAuth OAuth2 & OpenID Connect versions 6.0.0-6.0.6...
Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
Missing Authorization to Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Anti-Malware Security and Brute-Force Firewall versions <= 4.23.81...
WordPress Яндекс Доставка (Boxberry) plugin <= 2.34 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Яндекс Доставка Boxberry versions <= 2.34...
WordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WordPress Contact Form 7 PDF, Google Sheet & Database versions <= 3.0.0...
WordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Polylang versions <= 3.7.3...
WordPress HUSKY plugin <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter vulnerability
Unauthenticated SQL Injection via phrase Parameter vulnerability discovered by LionTree in WordPress Plugin HUSKY versions <= 1.3.7.1...
WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 4.1.7 - Authenticated (Author+) Server-Side Request Forgery vulnerability
Authenticated Author+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Auto Featured Image Auto Post Thumbnail versions <= 4.1.7...
WordPress IDonate plugin < 2.1.13 - Unauthenticated User Deletion vulnerability
Unauthenticated User Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin IDonate versions < 2.1.13...
WordPress FuseWP plugin <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation vulnerability
Cross-Site Request Forgery to Sync Rule Creation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin FuseWP versions <= 1.1.23.0...
WordPress Advanced Database Cleaner plugin <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation vulnerability
Cross-Site Request Forgery to Settings Manipulation vulnerability discovered by Bao - BlueRock in WordPress Plugin Advanced Database Cleaner versions <= 3.1.6...
WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Soledad versions <= 8.7.0...
WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Elastic Email Sender versions <= 1.2.20...
WordPress Mailster plugin < 4.1.14 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Mailster versions < 4.1.14...
WordPress Master Slider Pro plugin <= 3.7.12 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Master Slider Pro versions <= 3.7.12...
WordPress Media Library File Download plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Media Library File Download versions <= 1.4...
WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Create Posts & Terms versions <= 1.3.1...
WordPress Range Slider Addon for Gravity Forms plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by HunSec in WordPress Plugin Range Slider Addon for Gravity Forms versions <= 1.1.6...
WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Insert PHP Code Snippet versions <= 1.4.3...