WordPress AP Background plugin <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin AP Background versions <= 3.8.2...
WordPress MPWizard plugin <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin MPWizard versions <= 1.2.1...
WordPress AP Background plugin <= 3.8.2 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin AP Background versions <= 3.8.2...
WordPress AP Background plugin 3.8.1-3.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload via advParallaxBackAdminSaveSlider Function vulnerability discovered by kr0d in WordPress Plugin AP Background versions 3.8.1-3.8.2...
WordPress Spirit Framework plugin <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation vulnerability
Authentication Bypass to Account Takeover and Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin Spirit Framework versions <= 1.2.14...
WordPress Yoast SEO Premium plugin 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Yoast SEO Premium versions 25.7-25.9...
WordPress Ajax WooSearch plugin <= 1.0.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Ajax WooSearch versions <= 1.0.0...
WordPress CTL Behance Importer Lite plugin <= 1.0 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin CTL Behance Importer Lite versions <= 1.0...
WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin <= 0.8.8.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Jarno Vos jarnovos in WordPress Plugin Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App versions <= 0.8.8.8...
WordPress Schema Plugin For Divi, Gutenberg & Shortcodes plugin <= 4.3.2 - Authenticated (Contributor+) Object Instantiation vulnerability
Authenticated (Contributor+) Object Instantiation vulnerability discovered by ch4r0n in WordPress Plugin WordPress Schema Plugin For Divi, Gutenberg & Shortcodes versions <= 4.3.2...
WordPress PayPal Forms plugin <= 1.0.3 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin PayPal Forms versions <= 1.0.3...
WordPress Epic Bootstrap Buttons plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icol Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via icol Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Epic Bootstrap Buttons versions <= 1.0...
WordPress Customify Theme <= 0.4.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Customify; Type: Theme; Vulnerable versions: <= 0.4.11; Fixed in: 0.4.12; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-8669; Patch priority: Low; CVSS severity: Low (4.3); PSID: 835c66f49faa; Credits: Dmitrii Ignatyev; Required...
WordPress Constructor Theme <= 1.6.5 is vulnerable to Broken Access Control
Software: Constructor; Type: Theme; Vulnerable versions: <= 1.6.5; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-9194; Patch priority: Low; CVSS severity: Low (5.4); PSID: f6d9c8944054; Credits: Sulabh Jain pentestmonkey11; Required...
WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Site Request Forgery (CSRF) vulnerability
WordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - Cross Site Request Forgery (CSRF) vulnerability discovered by Bibek Dhakal in WordPress Plugin WP Attractive Donations System - Easy Stripe & Paypal donations versions <= 1.25...
WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Jock On Air Now (JOAN) versions <= 6.0.4...
WordPress s2Member plugin <= 250905 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by ? in WordPress Plugin s2Member versions <= 250905...
WordPress Custom Searchable Data Entry System plugin <= 1.7.1 - Unauthenticated Database Wiping vulnerability
Unauthenticated Database Wiping vulnerability discovered by Sean Murphy in WordPress Plugin Custom Searchable Data Entry System versions <= 1.7.1...
WordPress Schema & Structured Data for WP & AMP plugin < 1.50 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Schema & Structured Data for WP & AMP versions < 1.50...
WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Aiden in WordPress Plugin WooCommerce Vehicle Parts Finder versions <= 3.7...
WordPress NEX-Forms LITE plugin < 8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NEX-Forms LITE versions < 8.2...
WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Vehicle Parts Finder versions <= 3.7...
WordPress Taskbot plugin <= 6.4 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Taskbot versions <= 6.4...
WordPress Block For Mailchimp plugin <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by D01EXPLOIT OFFICIAL in WordPress Plugin MailChimp Block versions <= 1.1.12...
WordPress ZoloBlocks plugin <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin ZoloBlocks versions <= 2.3.10...
WordPress File Manager, Code editor, backup by Managefy plugin <= 1.6.1 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin File Manager, Code Editor, and Backup by Managefy versions <= 1.6.1...
WordPress LockerPress – WordPress Security Plugin plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan in WordPress Plugin LockerPress versions <= 1.0...
WordPress CF7 Auto Responder Addon plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin CF7 Auto Responder Addon versions <= 2.4...
WordPress Flights & Hotels Booking WP Plugin plugin <= 3.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Flights & Hotels Booking WP Plugin versions <= 3.1...
WordPress Ultimate Learning Pro plugin <= 3.9.3 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Bonds in WordPress Plugin Ultimate Learning Pro versions <= 3.9.3...
WordPress Download Manager plugin <= 3.3.32 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Download Manager versions <= 3.3.32...
WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin SMS Contact Form 7 Notifications by ClickSend versions <= 1.4.0...
WordPress Effect Maker plugin <= 1.2.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Effect Maker versions <= 1.2.1...
WordPress Opal Service plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Opal Service versions <= 1.9.1...
WordPress SiteGround Email Marketing plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SiteGround Email Marketing versions <= 1.7.1...
WordPress AffiliateWP plugin <= 2.28.2 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by LionTree in WordPress Plugin AffiliateWP versions <= 2.28.2...
WordPress SmartCrawl SEO plugin <= 3.14.3 - Missing Authorization to Plugin Settings Update vulnerability
Missing Authorization to Plugin Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin SmartCrawl versions <= 3.14.3...
WordPress LatePoint plugin <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function vulnerability
Cross-Site Request Forgery to Account Takeover via change_password() Function vulnerability discovered by wesley wcraft in WordPress Plugin LatePoint versions <= 5.1.94...
WordPress LatePoint plugin <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function vulnerability
Unauthenticated Authentication Bypass via load_step Function vulnerability discovered by wesley wcraft in WordPress Plugin LatePoint versions <= 5.1.94...
WordPress LatePoint plugin <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by WordFence in WordPress Plugin LatePoint versions <= 5.1.94...
WordPress Rock Convert plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Rock Convert versions <= 3.0.1...
WordPress LatePoint plugin <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin LatePoint versions <= 5.1.94...
WordPress All Social Share Options plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin All Social Share Options versions <= 1.0...
WordPress Mihdan: Elementor Yandex Maps plugin <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins vulnerability discovered by zer0gh0st in WordPress Plugin Mihdan: Elementor Yandex Maps versions <= 1.6.11...
WordPress Layers plugin <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Layers versions <= 0.5...
WordPress Yoga Schedule Momoyoga plugin <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Yoga Schedule Momoyoga versions <= 2.9.0...
WordPress Bei Fen – WordPress Backup Plugin plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion vulnerability
Authenticated (Subscriber+) Local File Inclusion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin Bei Fen versions <= 1.4.2...
WordPress Post By Email plugin <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments vulnerability
Unauthenticated Arbitrary File Upload via Email Attachments vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Post By Email versions <= 1.0.4b...
WordPress All in One Music Player plugin <= 1.3.1 - Authenticated (Contributor+) Path Traversal via theme Parameter vulnerability
Authenticated (Contributor+) Path Traversal via theme Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin All in One Music Player versions <= 1.3.1...
WordPress planetcalc plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin planetcalc versions <= 2.2...