WordPress WP Media Categories Plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin WP Media Categories versions = 2.1.0...

WordPress PE Easy Slider Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin PE Easy Slider versions = 1.1.0...

WordPress Video Blogster Lite Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Video Blogster Lite versions = 1.2...

WordPress Werk aan de Muur Plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Werk aan de Muur versions = 1.5...

WordPress WEDOS Global Plugin <= 1.2.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin WEDOS Global versions = 1.2.2...

WordPress Yext Plugin <= 1.1.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Yext versions = 1.1.3...

WordPress Delisho Plugin <= 1.1.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Delisho versions = 1.1.3...

WordPress CopySafe Web Protection plugin <= 5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin CopySafe Web Protection versions = 5.1...

WordPress Testimonial Slider Plugin <= 3.5.8.6 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Testimonial Slider versions = 3.5.8.6...

WordPress FoodBook Plugin <= 4.7.6 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Bonds in WordPress Plugin FoodBook versions = 4.7.6...

WordPress Simple Colorbox Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Prissy in WordPress Plugin Simple Colorbox versions = 1.6.1...

WordPress HivePress Claim Listings plugin <= 1.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin HivePress Claim Listings versions = 1.1.3...

WordPress HivePress Claim Listings plugin <= 1.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin HivePress Claim Listings versions = 1.1.4...

WordPress WooEvents plugin <= 4.1.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin WooEvents versions = 4.1.7...

WordPress WP Directory Kit plugin <= 1.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin WP Directory Kit versions = 1.4.0...

WordPress CoSchedule Plugin <= 3.3.11 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Bao - BlueRock in WordPress Plugin CoSchedule versions = 3.3.11...

WordPress PGS Core Plugin <= 5.9.0 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin PGS Core versions = 5.9.0...

WordPress Vehica Core Plugin <= 1.0.100 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Vehica Core versions = 1.0.100...

WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Grand Conference Theme Custom Post Type versions 2.6.4...

WordPress Instapage plugin plugin <= 3.7.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Instapage Plugin versions = 3.7.0...

WordPress YayCurrency plugin <= 3.3.1 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by Nabil Irawan in WordPress Plugin YayCurrency versions = 3.3.1...

WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Groovy Menu versions = 1.4.3...

WordPress aThemes Addons for Elementor Plugin <= 1.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin aThemes Addons for Elementor versions = 1.1.2...

WordPress Javo Core Plugin <= 3.0.0.266 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Javo Core versions = 3.0.0.266...

WordPress AllInOne - Banner Rotator Plugin <= 3.8 - SQL Injection Vulnerability

WordPress AllInOne - Banner Rotator Plugin = 3.8 - SQL Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin AllInOne - Banner Rotator versions = 3.8...

WordPress LambertGroup - AllInOne - Content Slider Plugin <= 3.8 - SQL Injection Vulnerability

WordPress LambertGroup - AllInOne - Content Slider Plugin = 3.8 - SQL Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LambertGroup - AllInOne - Content Slider versions = 3.8...

WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability

WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin = 3.8 - SQL Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LambertGroup - AllInOne - Banner with Thumbnails versions = 3.8...

WordPress LambertGroup - AllInOne - Banner with Playlist Plugin <= 3.8 - SQL Injection Vulnerability

WordPress LambertGroup - AllInOne - Banner with Playlist Plugin = 3.8 - SQL Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LambertGroup - AllInOne - Banner with Playlist versions = 3.8...

WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by Denver Jackson in WordPress Plugin EmailKit versions = 1.6.0...

WordPress Ditty Plugin <= 3.1.58 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Ditty versions = 3.1.58...

WordPress Gallery Custom Links Plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by NumeX in WordPress Plugin Gallery Custom Links versions = 2.2.5...

WordPress ListingPro plugin <= 2.9.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin ListingPro versions = 2.9.8...

WordPress WPFront User Role Editor Plugin <= 4.2.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin WPFront User Role Editor versions = 4.2.3...

WordPress Woostify Theme <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by savphill in WordPress Theme Woostify versions = 2.4.2...

WordPress XStore theme < 9.6 - Content Injection vulnerability

Content Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions 9.6...

WordPress Embed Any Document Plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by 63n0 in WordPress Plugin Embed Any Document versions = 2.7.7...

WordPress Theme My Login Plugin <= 7.1.12 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Psai in WordPress Plugin Theme My Login versions = 7.1.12...

WordPress TheGem Theme <= 5.10.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme TheGem versions = 5.10.5...

WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme TheGem Elementor versions = 5.10.5...

WordPress Stackable Plugin <= 3.18.1 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Abu Hurayra in WordPress Plugin Stackable versions = 3.18.1...

WordPress Stackable Plugin <= 3.18.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Abu Hurayra in WordPress Plugin Stackable versions = 3.18.1...

WordPress Download Manager Plugin <= 3.3.24 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Download Manager versions = 3.3.24...

WordPress Download Manager Plugin <= 3.3.25 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Download Manager versions = 3.3.25...

WordPress wp-mpdf Plugin <= 3.9.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin wp-mpdf versions = 3.9.1...

WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability

Content Injection vulnerability discovered by Najib Sinjari in WordPress Plugin Contact Form 7 – Dynamic Text Extension versions = 5.0.5...

WordPress TweetThis Shortcode plugin <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin TweetThis Shortcode versions = 1.8.0...

WordPress Markdown Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Markdown Shortcode versions = 0.2.1...

WordPress Backuply plugin <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion vulnerability

Authenticated Admin+ Arbitrary File Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Backuply – Backup, Restore, Migrate and Clone versions = 1.4.8...

WordPress Zephyr Project Manager plugin <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Zephyr Project Manager versions = 3.3.202...

WordPress Frames Theme <= 1.5.7 is vulnerable to Broken Access Control

Software Frames Type Theme Vulnerable versions = 1.5.7 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-60165 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1a5c2dd18dd5 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...