45960 matches found
WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin UPC/EAN/GTIN Code Generator versions <= 2.0.2...
WordPress HomeLancer theme <= 1.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Theme HomeLancer versions <= 1.0.1...
WordPress Academist theme < 1.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by ? in WordPress Theme Academist versions < 1.3...
WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by Luciano Hanna in WordPress Plugin Paid Videochat Turnkey Site versions <= 7.3.23...
WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by ? in WordPress Theme Houzez versions < 4.2.0...
WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Simple Content Templates for Blog Posts & Pages versions <= 2.2.61...
WordPress BlindMatrix e-Commerce plugin < 3.1 - Contributor+ LFI vulnerability
Contributor+ LFI vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin BlindMatrix e-Commerce versions < 3.1...
WordPress Felan Framework plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability discovered by István Márton in WordPress Plugin Felan Framework versions <= 1.1.4...
WordPress Felan Framework plugin <= 1.1.4 - Hardcoded Credentials vulnerability
Hardcoded Credentials vulnerability discovered by István Márton in WordPress Plugin Felan Framework versions <= 1.1.4...
WordPress Classified Pro theme <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation vulnerability discovered by István Márton in WordPress Theme ClassifiedPro versions <= 1.0.14...
WordPress Truelysell Core plugin <= 1.8.6 - Unauthenticated Arbitrary User Password Change vulnerability
Unauthenticated Arbitrary User Password Change vulnerability discovered by István Márton in WordPress Plugin Truelysell Core versions <= 1.8.6...
WordPress WP jQuery Pager plugin <= 1.4.0 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability
Authenticated (Contributor+) SQL Injection via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP jQuery Pager versions <= 1.4.0...
WordPress ClassifiedPro Theme <= 1.0.14 is vulnerable to Broken Access Control
Software: ClassifiedPro; Type: Theme; Vulnerable versions: <= 1.0.14; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-10706; Patch priority: High; CVSS severity: High 8.8; PSID: 07ae0c93c744; Credits: István Márton; Required privileg...
WordPress Voice Feedback plugin <= 1.0.3 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Voice Feedback versions <= 1.0.3...
WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Product Table For WooCommerce versions <= 1.2.4...
WordPress UDesign Core plugin <= 4.14.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UDesign Core versions <= 4.14.0...
WordPress Blogmatic theme <= 1.0.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by ? in WordPress Theme Blogmatic versions <= 1.0.3...
WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ? in WordPress Plugin Cost Calculator Builder versions <= 3.5.32...
WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin NikanWP WooCommerce Reporting versions <= 1.0.0...
WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Reloadly versions <= 2.0.1...
WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Tuturn versions < 3.6...
WordPress Tuturn plugin < 3.6 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Tuturn versions < 3.6...
WordPress ShopMagic plugin <= 4.5.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin ShopMagic versions <= 4.5.6...
WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin SUMO Memberships for WooCommerce versions < 7.8.0...
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.10.4 - Path Traversal vulnerability
Path Traversal vulnerability discovered by ChuongVN in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions <= 1.10.4...
WordPress GoStore theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme GoStore versions < 1.6.4...
WordPress Keyy Two Factor Authentication (like Clef) plugin <= 1.2.3 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Keyy Two Factor Authentication (like Clef) versions <= 1.2.3...
WordPress WP Dashboard Chat plugin <= 1.0.3 - Authenticated (Contributor+) SQL Injection via id vulnerability
Authenticated (Contributor+) SQL Injection via id vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Dashboard Chat versions <= 1.0.3...
WordPress DocoDoco Store Locator plugin <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload vulnerability
Authenticated (Editor+) Arbitrary File Upload vulnerability discovered by ifoundbug in WordPress Plugin DocoDoco Store Locator versions <= 1.0.1...
WordPress Find And Replace content for WordPress plugin <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability
Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ifoundbug in WordPress Plugin Find And Replace content for WordPress versions <= 1.1...
WordPress Content Writer plugin <= 3.6.8 - Unauthenticated Information Exposure via Log File vulnerability
Unauthenticated Information Exposure via Log File vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin Content Writer versions <= 3.6.8...
WordPress Digiseller plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Digiseller versions <= 1.3.0...
WordPress Category and Products Accordion Panel plugin <= 1.0 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated (Contributor+) Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Woocommerce Category and Products Accordion Panel versions <= 1.0...
WordPress WP BookWidgets plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP BookWidgets versions <= 0.9...
WordPress TARIFFUXX plugin <= 1.4 - Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode vulnerability
Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin TARIFFUXX versions <= 1.4...
WordPress Orion SMS OTP Verification plugin <= 1.1.7 - Authentication Bypass via Account Takeover vulnerability
Authentication Bypass via Account Takeover vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Orion SMS OTP Verification versions <= 1.1.7...
WordPress Library Management System plugin <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Manipulation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Library Management System versions <= 3.1...
WordPress WPBifröst – Instant Passwordless Temporary Login Links plugin <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WPBifröst – Instant Passwordless Temporary Login Links versions <= 1.0.7...
WordPress External Login plugin <= 1.11.2 - Unauthenticated SQL Injection via log vulnerability
Unauthenticated SQL Injection via log vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin External Login versions <= 1.11.2...
WordPress External Login plugin <= 1.11.2 - Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection vulnerability
Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin External Login versions <= 1.11.2...
WordPress Login with YourMembership - YM SSO Login plugin <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes' vulnerability
WordPress Login with YourMembership - YM SSO Login plugin <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin YourMembership Single Sign On versions <= 1.1.7...
WordPress Dhivehi Text plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Dhivehi Text versions <= 0.1...
WordPress WP Google Map Plugin plugin <= 1.0 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated (Contributor+) SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Google Map versions <= 1.0...
WordPress URLYar plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin URLYar URL Shortner versions <= 1.1.0...
WordPress onOffice for WP-Websites plugin <= 6.5.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dutafi in WordPress Plugin onOffice for WP-Websites versions <= 6.5.1...
WordPress Theme Importer plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Theme Importer versions <= 1.0...
WordPress Rich Snippet Site Report plugin <= 2.0.0105 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by johska in WordPress Theme Rich Snippet Site Report versions <= 2.0.0105...
WordPress FunKItools plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin FunKItools versions <= 1.0.2...
WordPress Task Scheduler plugin <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery vulnerability
Authenticated (Admin+) Blind Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Task Scheduler versions <= 1.6.3...
WordPress Demo Import Kit plugin <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated (Admin+) Arbitrary File Upload vulnerability discovered by vodanh in WordPress Plugin Demo Import Kit versions <= 1.1.0...