45975 matches found
WordPress GSheetConnector For Gravity Forms plugin <= 1.3.23 - Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation vulnerability
Cross-Site Request Forgery to Arbitrary Plugin Activation/Deactivation vulnerability discovered by wesley wcraft in WordPress Plugin Gravity Forms Google Sheet Connector versions <= 1.3.23...
WordPress GSheetConnector For Gravity Forms plugin <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability discovered by wesley wcraft in WordPress Plugin Gravity Forms Google Sheet Connector versions <= 1.3.27...
WordPress Newsup theme <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Newsup versions <= 5.0.10...
WordPress Stock History & Reports Manager for WooCommerce plugin <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Stock History & Reports Manager for WooCommerce versions <= 2.2.1...
WordPress WidgetPack Comment System plugin <= 1.6.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin WidgetPack Comment System versions <= 1.6.1...
WordPress Web Accessibility By accessiBe plugin <= 2.10 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Moose Love in WordPress Plugin Web Accessibility By accessiBe versions <= 2.10...
WordPress Page Blocks plugin <= 1.1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin Page Blocks versions <= 1.1.0...
WordPress WP Scraper plugin <= 5.8.1 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated (Administrator+) Server-Side Request Forgery vulnerability discovered by Valatty in WordPress Plugin TwentyFourth WP Scraper versions <= 5.8.1...
WordPress WP Easy Toggles plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP Easy Toggles versions <= 1.9.0...
WordPress WooCommerce Designer Pro plugin <= 1.9.26 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin WooCommerce Designer Pro versions <= 1.9.26...
WordPress Code Quality Control Tool plugin <= 0.1 - Unauthenticated Information Exposure via Log Files vulnerability
Unauthenticated Information Exposure via Log Files vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Code Quality Control Tool versions <= 0.1...
WordPress Course Redirects for Learndash Plugin plugin <= 0.4 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Course Redirects for Learndash versions <= 0.4...
WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Theme Education WordPress Theme | HiStudy versions < 3.1.0...
WordPress Error Log Viewer by BestWebSoft plugin <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read vulnerability
Authenticated (Administrator+) Arbitrary File Read vulnerability discovered by Duc Manh in WordPress Plugin Error Log Viewer by BestWebSoft versions <= 1.1.6...
WordPress Custom 404 Pro plugin <= 3.12.0 - Authenticated (Administrator+) SQL Injection via `path` Parameter vulnerability
Authenticated (Administrator+) SQL Injection via `path` Parameter vulnerability discovered by jamaal in WordPress Plugin Custom 404 Pro versions <= 3.12.0...
WordPress WordPress Live Webcam Widget & Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WordPress Live Webcam Widget & Shortcode versions <= 1.2...
WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin H5P versions <= 1.16.0...
WordPress Newsup Theme <= 5.0.10 is vulnerable to Broken Access Control
Software: Newsup | Type: Theme | Vulnerable versions: <= 5.0.10 | Fixed in: 5.0.11 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2025-8682 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 9037492b67e8 | Credits: Dmitrii Ignatyev | Required privilege...
WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by an unknown individual in WordPress Plugin TheGem Theme Elements (for Elementor) versions <= 5.10.5.1...
WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by an unknown individual in WordPress Plugin TheGem Theme Elements (for Elementor) versions <= 5.10.5.1...
WordPress TheGem (Elementor) theme <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by ? in WordPress Theme TheGem (Elementor) versions <= 5.10.5.1...
WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Lorenzo Camilli in WordPress Plugin Contest Gallery versions <= 28.0.0...
WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by n0arafatn0 in WordPress Plugin ChatBot versions <= 7.3.9...
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin MasterStudy LMS Pro versions < 4.7.16...
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin MasterStudy LMS Pro versions < 4.7.16...
WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin MasterStudy LMS Pro versions < 4.7.16...
WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Masterstudy Elementor Widgets versions <= 1.2.4...
WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Masterstudy Elementor Widgets versions <= 1.2.4...
WordPress Masterstudy theme < 4.8.122 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Masterstudy versions < 4.8.122...
WordPress Porto Theme - Functionality plugin < 3.7.3 - Broken Access Control vulnerability
WordPress Porto Theme - Functionality plugin < 3.7.3 - Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Porto Theme - Functionality versions < 3.7.3...
WordPress Karzo theme < 2.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Karzo versions < 2.6...
WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Activity Plus Reloaded for BuddyPress versions <= 1.1.2...
WordPress YOP Poll plugin <= 6.5.37 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by ? in WordPress Plugin YOP Poll versions <= 6.5.37...
WordPress Porto Theme - Functionality plugin < 3.7.3 - Cross Site Scripting (XSS) vulnerability
WordPress Porto Theme - Functionality plugin < 3.7.3 - Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Porto Theme - Functionality versions < 3.7.3...
WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.6.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by n0arafatn0 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions <= 2.6.6...
WordPress MeetingHub plugin <= 1.23.9 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Denver Jackson in WordPress Plugin MeetingHub versions <= 1.23.9...
WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Advanced scrollbar versions <= 1.1.8...
WordPress Enzy theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Enzy versions < 1.6.4...
WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ? in WordPress Theme Togo versions < 1.0.4...
WordPress Togo theme < 1.0.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by ? in WordPress Theme Togo versions < 1.0.4...
WordPress Togo theme < 1.0.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by ? in WordPress Theme Togo versions < 1.0.4...
WordPress Togo theme < 1.0.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by ? in WordPress Theme Togo versions < 1.0.4...
WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ? in WordPress Theme Togo versions < 1.0.4...
WordPress Emails Catch All plugin <= 3.5.3 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Denver Jackson in WordPress Plugin Emails Catch All versions <= 3.5.3...
WordPress Date counter plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Date counter versions <= 2.0.3...
WordPress Easy Plugin Stats plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Plugin Stats versions <= 2.0.1...
WordPress CM Registration – Tailored tool for seamless login and invitation-based registrations plugin <= 2.5.6 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CM Registration and Invitation Codes versions <= 2.5.6...
WordPress Ovatheme Events Manager plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Ovatheme Events Manager versions <= 1.8.5...
WordPress Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin <= 27.0.3 - Unauthenticated CSV Injection vulnerability
Unauthenticated CSV Injection vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Contest Gallery versions <= 27.0.3...
WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation vulnerability
Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPC Smart Wishlist for WooCommerce versions <= 5.0.3...