WordPress Fix Multiple Redirects plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Fix Multiple Redirects versions <= 1.2.3...
WordPress Password only login plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Password only login versions <= 0.2...
WordPress Simple Finance Calculator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Finance Calculator versions <= 1.0...
WordPress xSmart theme <= 1.2.9.4 - Content Injection vulnerability
Content Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme xSmart versions <= 1.2.9.4...
WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Custom CSS versions <= 1.4.0...
WordPress WSAnalytics plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WSAnalytics versions <= 1.1.2...
WordPress AnyComment plugin <= 0.3.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rooting in WordPress Plugin AnyComment versions <= 0.3.6...
WordPress Open Close WooCommerce Store plugin <= 4.9.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Open Close WooCommerce Store versions <= 4.9.9...
WordPress Search & Go Theme <= 2.7 is vulnerable to Privilege Escalation
Software: Search & Go; Type: Theme; Vulnerable versions: <= 2.7; Fixed in: 2.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2025-11522; Patch priority: High; CVSS severity: High 9.8; PSID: 0f681595092d; Credits: khanhhnahk1...
WordPress Betheme Theme <= 28.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: Betheme; Type: Theme; Vulnerable versions: <= 28.1.6; Fixed in: 28.1.7; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2025-9371; Patch priority: Low; CVSS severity: Low 6.5; PSID: 451fc05f11e2; Credits: Zbigniew Piotrak; Required...
WordPress Chartify plugin <= 3.5.9 - Missing Authentication for Administrative Function vulnerability
Missing Authentication for Administrative Function vulnerability discovered by WordFence in WordPress Plugin Chartify versions <= 3.5.9...
WordPress RegistrationMagic plugin <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin RegistrationMagic versions <= 6.0.6.2...
WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Kishan Vyas in WordPress Plugin Motors versions <= 1.4.89...
WordPress Community Events plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Community Events versions <= 1.5.1...
WordPress Service Finder Bookings plugin <= 6.0 - Authentication Bypass via User Switch Cookie vulnerability
Authentication Bypass via User Switch Cookie vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions <= 6.0...
WordPress OrderConvo plugin < 14 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin OrderConvo versions < 14...
WordPress Progress Planner plugin <= 1.8.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by NumeX in WordPress Plugin Progress Planner versions <= 1.8.0...
WordPress Search & Filter plugin <= 1.2.17 - Cross Site Request Forgery (CSRF) to Open Redirect vulnerability
Cross Site Request Forgery CSRF to Open Redirect vulnerability discovered by ni gensho in WordPress Plugin Search & Filter versions <= 1.2.17...
WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WP Business Hours versions <= 1.4...
WordPress Neuronet theme < 1.14.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Neuronet versions < 1.14.0...
WordPress Xcare theme < 6.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Xcare versions < 6.5...
WordPress Awesome Testimonials plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Awesome Testimonials versions <= 2.2.1...
WordPress Cornerstone plugin <= 7.7.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Cornerstone versions <= 7.7.3...
WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image from URL versions <= 5.2.7...
WordPress WP Reset plugin <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log vulnerability
Unauthenticated Sensitive Information Exposure via wf-licensing.log vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Reset versions <= 2.05...
WordPress Blocksy Companion plugin <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Blocksy Companion versions <= 2.1.14...
WordPress Responsive Lightbox & Gallery plugin < 2.5.3 - Unauthenticated Stored-XSS via Comments vulnerability
Unauthenticated Stored-XSS via Comments vulnerability discovered by Matthew Rollings in WordPress Plugin Responsive Lightbox versions < 2.5.3...
WordPress Ultimate Addons for Elementor Lite plugin < 2.5.0 - Author+ Stored XSS vulnerability
Author+ Stored XSS vulnerability discovered by Tony in WordPress Plugin Ultimate Addons for Elementor - Lite versions < 2.5.0...
WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sonaar versions <= 4.27.4...
WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sonaar versions <= 4.27.4...
WordPress Table Block by RioVizual plugin <= 3.0.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by n0arafatn0 in WordPress Plugin Table Block by RioVizual versions <= 3.0.0...
WordPress MSN Partner Hub plugin <= 2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by n0arafatn0 in WordPress Plugin MSN Partner Hub versions <= 2.9...
WordPress Betheme theme <= 28.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Betheme versions <= 28.2...
WordPress MapSVG plugin <= 8.7.22 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Gilang Asra Bilhadi - DJ in WordPress Plugin MapSVG versions <= 8.7.22...
WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Testimonial Slider versions <= 2.0.15...
WordPress The7 Elements plugin <= 2.7.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin The7 Elements versions <= 2.7.11...
WordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin SEO Meta Description Updater versions <= 1.2.0...
WordPress Nelio Content plugin <= 4.0.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Nelio Content versions <= 4.0.5...
WordPress TempTool [Show Current Template Info] plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Denver Jackson in WordPress Plugin TempTool Show Current Template Info versions <= 1.3.1...
WordPress Conversios.io plugin <= 7.2.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Conversios.io versions <= 7.2.13...
WordPress The7 theme < 12.9.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme The7 versions < 12.9.0...
WordPress The7 theme < 12.8.1.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme The7 versions < 12.8.1.1...
WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.3.17...
WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.3.17...
WordPress Marquee Addons for Elementor plugin <= 3.8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin Marquee Addons for Elementor versions <= 3.8.2...
WordPress Export Categories plugin <= 1.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Export Categories versions <= 1.0...
WordPress Bulk Auto Image Title Attribute plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Bulk Auto Image Title Attribute versions <= 2.0.1...
WordPress USERCENTRICS CMP plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin USERCENTRICS CMP versions <= 1.0.9...
WordPress TS Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin TS Demo Importer versions <= 0.1.3...
WordPress IgnitionDeck plugin <= 2.0.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin IgnitionDeck versions <= 2.0.15...