45960 matches found
WordPress Ronneby Theme Core plugin <= 1.5.68 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ronneby Theme Core versions <= 1.5.68...
WordPress Ronneby Theme Core plugin <= 1.5.68 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ronneby Theme Core versions <= 1.5.68...
WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WPLMS versions <= 1.9.9.5.4...
WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Consulting Elementor Widgets versions <= 1.4.2...
WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Consulting Elementor Widgets versions <= 1.4.2...
WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Consulting versions < 6.7.5...
WordPress Sahifa theme < 5.8.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Sahifa versions < 5.8.6...
WordPress wpresidence theme <= 5.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme wpresidence versions <= 5.3.2...
WordPress Web Accessibility By accessiBe plugin <= 2.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Web Accessibility By accessiBe versions <= 2.10...
WordPress wpresidence Theme <= 5.3.2 is vulnerable to Broken Access Control
Software: wpresidence; Type: Theme; Vulnerable versions: <= 5.3.2; Fixed in: 5.3.2.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-64199; Patch priority: Low; CVSS severity: Low 5.3; Developer: sc Internet Vivoo; PSID: 1c3b4381448c; Credits: João Pedro S Alcântara Kinorth...
WordPress Sahifa Theme < 5.8.6 is vulnerable to Cross Site Scripting (XSS)
Software: Sahifa; Type: Theme; Vulnerable versions: < 5.8.6; Fixed in: 5.8.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-64202; Patch priority: Low; CVSS severity: Low 6.5; PSID: 32bb45fc3f37; Credits: João Pedro S Alcântara Kinorth; Required privilege...
WordPress Easy Social Share Buttons plugin < 10.7.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Easy Social Share Buttons versions < 10.7.1...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Shortcodes and extra features for Phlox theme versions <= 2.17.15...
WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin DoFollow Case by Case versions <= 3.5.1...
WordPress SimpLy Gallery plugin <= 3.3.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin SimpLy Gallery versions <= 3.3.2.1...
WordPress WPMobile.App plugin <= 11.71 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by ? in WordPress Plugin WPMobile.App versions <= 11.71...
WordPress FileBird Pro plugin <= 6.5.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin FileBird Pro versions <= 6.5.1...
WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Gutenberg versions <= 21.8.2...
WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by mcdruid in WordPress Plugin HAPPY versions <= 1.0.7...
WordPress The7 theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css' vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css' vulnerability discovered by Muhammad Yudha - DJ in WordPress Theme The7 versions <= 12.9.1...
WordPress Product Filter by WBW plugin <= 2.9.7 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin Product Filter by WBW versions <= 2.9.7...
WordPress Stripe Payment Forms plugin <= 8.3.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin WP Full Stripe Free versions <= 8.3.1...
WordPress Fast Velocity Minify plugin <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Cody Sixteen in WordPress Plugin Fast Velocity Minify versions <= 3.5.1...
WordPress Password Policy Manager plugin <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out vulnerability
Missing Authorization to Authenticated (Subscriber+) Configuration Log Out vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Password Policy Manager versions <= 2.0.5...
WordPress Social Feed Gallery plugin <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by 3r1c e in WordPress Plugin WP Social Feed Gallery versions <= 4.9.2...
WordPress Widget Options plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Widget Options versions <= 4.1.2...
WordPress SpendeOnline.org plugin <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin SpendeOnline.org versions <= 3.0.1...
WordPress Discussion Board – WordPress Forum Plugin plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin Discussion Board versions <= 2.5.5...
WordPress wpForo Forum plugin <= 2.4.8 - Unauthenticated SQL Injection via get_members Function vulnerability
Unauthenticated SQL Injection via get_members Function vulnerability discovered by mikemyers in WordPress Plugin wpForo Forum versions <= 2.4.8...
WordPress Charitable plugin <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Charitable versions <= 1.8.8.4...
WordPress Directorist plugin <= 8.4.8 - Authenticated (Subscriber+) Arbitrary File Move vulnerability
Authenticated (Subscriber+) Arbitrary File Move vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Directorist versions <= 8.4.8...
WordPress Tutor LMS Pro plugin <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments vulnerability
Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments vulnerability discovered by sergioframi in WordPress Plugin Tutor LMS Pro versions <= 3.8.3...
WordPress ShopEngine plugin <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update vulnerability
Incorrect Authorization to Authenticated (Editor+) License Status Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin ShopEngine versions <= 4.8.4...
WordPress Product Filter by WBW plugin <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Product Filter by WBW versions <= 3.0.0...
WordPress Tutor LMS plugin <= 3.8.3 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by sergioframi in WordPress Plugin Tutor LMS versions <= 3.8.3...
WordPress Simple Registration for WooCommerce plugin <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval vulnerability
Cross-Site Request Forgery to Privilege Escalation via Role Request Approval vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Simple Registration for WooCommerce versions <= 1.5.8...
WordPress Listeo plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode vulnerability discovered by Craig Webb in WordPress Theme Listeo versions <= 2.0.8...
WordPress Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks plugin <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Gutenberg Blocks versions <= 3.3.4...
WordPress Testimonial Carousel For Elementor plugin <= 11.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Testimonial Carousel For Elementor versions <= 11.6.2...
WordPress User Feedback plugin <= 1.8.0 - Missing Authorization to Information Disclosure vulnerability
Missing Authorization to Information Disclosure vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin User Feedback versions <= 1.8.0...
WordPress Open Source Genesis Framework plugin <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability discovered by Muhammad Yudha - DJ in WordPress Theme Genesis Framework versions <= 3.6.0...
WordPress Watu Quiz plugin <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer vulnerability
Unauthenticated Stored Cross-Site Scripting via HTTP Referer vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Watu Quiz versions <= 3.4.4...
WordPress Tutor LMS plugin <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update vulnerability
Missing Authorization to Unauthenticated Payment Status Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Tutor LMS versions <= 3.8.3...
WordPress Password Protected plugin <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing vulnerability
Unauthenticated Authorization Bypass via IP Address Spoofing vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Password Protected versions <= 2.7.11...
WordPress GenerateBlocks plugin <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure vulnerability
Improper Authorization to Authenticated (Contributor+) Arbitrary Options Disclosure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin GenerateBlocks versions <= 2.1.1...
WordPress WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update vulnerability
Improper Authorization to Authenticated (Contributor+) Plugin Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WP VR versions <= 8.5.41...
WordPress ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin ShopLentor versions <= 3.2.4...
WordPress The7 Theme <= 12.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: The7; Type: Theme; Vulnerable versions: <= 12.9.1; Fixed in: 12.9.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-11897; Patch priority: Low; CVSS severity: Low 6.5; PSID: 600f7d8465b6; Credits: Muhammad Yudha - DJ; Required...
WordPress Listeo Theme <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Listeo; Type: Theme; Vulnerable versions: <= 2.0.8; Fixed in: 2.0.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-8413; Patch priority: Low; CVSS severity: Low 6.5; PSID: 2a561241c24c; Credits: Craig Webb; Required privilege...
WordPress BackWPup plugin 5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin BackWPup versions 5...