WordPress YouTube Showcase plugin <= 3.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin YouTube Showcase versions = 3.5.0...

WordPress DentiCare Theme < 1.4.3 is vulnerable to PHP Object Injection

Software DentiCare Type Theme Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-54723 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c2cef3d0d976 Credits Bonds Required privilege Unauthenticated Publishe...

WordPress Uni CPO (Premium) plugin <= 4.9.54 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file' vulnerability

Unauthenticated Arbitrary File Upload via 'unicpouploadfile' vulnerability discovered by Ren Voza in WordPress Plugin Uni CPO Premium versions = 4.9.54...

WordPress Podlove Podcast Publisher plugin <= 4.2.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Podlove Podcast Publisher versions = 4.2.6...

WordPress Markup Markdown plugin < 3.20.10 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by minseok Kim in WordPress Plugin Markup Markdown versions 3.20.10...

WordPress Admin and Site Enhancements plugin < 7.9.8 - Authenticated Stored XSS via SVG vulnerability

Authenticated Stored XSS via SVG vulnerability discovered by NGUYEN HOANG DUY in WordPress Plugin Admin and Site Enhancements ASE versions 7.9.8...

WordPress Etsy Shop plugin < 3.0.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Etsy Shop versions 3.0.7...

WordPress WPCasa plugin <= 1.4.1 - Unauthenticated Code Injection vulnerability

Unauthenticated Code Injection vulnerability discovered by mikemyers in WordPress Plugin WPCasa versions = 1.4.1...

WordPress Widget Options - Extended plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Widget Options - Extended plugin = 5.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Widget Options - Extended versions = 5.2.1...

WordPress Advanced Views plugin <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI vulnerability

Authenticated Author+ Remote Code Execution via SSTI vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Advanced Views versions = 3.7.19...

WordPress core <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability

Author+ Cross Site Scripting XSS Vulnerability discovered by savphill in WordPress core versions = 6.8.2...

WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability

Contributor+ Sensitive Data Exposure Vulnerability discovered by Abu Hurayra in WordPress core versions = 6.8.2...

WordPress Easy Pricing Table WP Plugin <= 1.1.3 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin Easy Pricing Table WP versions = 1.1.3...

WordPress Mihdan: No External Links Plugin <= 5.1.6.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Bao BlueRock in WordPress Plugin Mihdan: No External Links versions = 5.1.6.2...

WordPress Event Rocket Plugin <= 3.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by muhammad yudha in WordPress Plugin Event Rocket versions = 3.3...

WordPress Ultimate WP Mail Plugin <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate WP Mail versions = 1.3.8...

WordPress CashBill.pl – Płatności WooCommerce Plugin <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin CashBill.pl Płatności WooCommerce versions = 3.2.1...

WordPress SEO Backlink Monitor plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin SEO Backlink Monitor versions = 1.8.0...

WordPress SEO Backlink Monitor plugin <= 1.8.0 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan in WordPress Plugin SEO Backlink Monitor versions = 1.8.0...

WordPress Goracash Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Vinit Lakra in WordPress Plugin Goracash versions = 1.1...

WordPress AffiliateWP – External Referral Links Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin AffiliateWP – External Referral Links versions = 1.2.0...

WordPress Beaf Plugin <= 1.6.2 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Beaf versions = 1.6.2...

WordPress SAPO Feed plugin <= 2.4.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Vinit Lakra in WordPress Plugin SAPO Feed versions = 2.4.2...

WordPress HT Mega – Absolute Addons for WPBakery Page Builder Plugin <= 1.0.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin HT Mega – Absolute Addons for WPBakery Page Builder versions = 1.0.9...

WordPress WP Mailto Links Plugin <= 3.1.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Bao BlueRock in WordPress Plugin WP Mailto Links versions = 3.1.4...

WordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin GSheets Connector versions = 1.1.1...

WordPress Better Find and Replace Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Better Find and Replace versions = 1.7.6...

WordPress Login-Logout Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Login-Logout versions = 3.8...

WordPress Wp tabber widget Plugin <= 4.0 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Peter Thaleikis in WordPress Plugin Wp tabber widget versions = 4.0...

WordPress BMI Adult & Kid Calculator Plugin <= 1.2.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin BMI Adult & Kid Calculator versions = 1.2.2...

WordPress DELUCKS SEO Plugin <= 2.7.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin DELUCKS SEO versions = 2.7.0...

WordPress WP Frontend Admin plugin <= 1.22.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Frontend Admin versions = 1.22.7...

WordPress WP Compress Plugin <= 6.50.54 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Compress versions = 6.50.54...

WordPress GutenKit Plugin <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Prissy in WordPress Plugin GutenKit versions = 2.4.2...

WordPress RIS Version Switcher – Downgrade or Upgrade WP Versions Easily Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by johska in WordPress Plugin RIS Version Switcher Downgrade or Upgrade WP Versions Easily versions = 1.0...

WordPress WooCommerce Additional Fees On Checkout (Free) plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin WooCommerce Additional Fees On Checkout Free versions = 1.5.2...

WordPress Sales Count Manager for WooCommerce plugin <= 2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Sales Count Manager for WooCommerce versions = 2.6...

WordPress AgreeMe Checkboxes For WooCommerce Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin AgreeMe Checkboxes For WooCommerce versions = 1.1.3...

WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Epeken All Kurir versions = 2.0.6...

WordPress Heureka Plugin <= 1.1.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Heureka versions = 1.1.0...

WordPress Product Time Countdown for WooCommerce plugin <= 1.6.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Product Time Countdown for WooCommerce versions = 1.6.5...

WordPress Editor Custom Color Palette plugin <= 3.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peter Thaleikis in WordPress Plugin Editor Custom Color Palette versions = 3.5.4...

WordPress AnyClip Luminous Studio Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin AnyClip Luminous Studio versions = 1.3.3...

WordPress Adverts Plugin <= 1.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin Adverts versions = 1.4...

WordPress Dialogity Free Live Chat plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Vinit Lakra in WordPress Plugin Dialogity Free Live Chat versions = 1.0.3...

WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Behance Portfolio Manager versions = 1.7.5...

WordPress Deliver via Shipos for WooCommerce plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Deliver via Shipos for WooCommerce versions = 3.0.2...

WordPress TOCHAT.BE Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin TOCHAT.BE versions = 1.3.4...

WordPress WP System Information Plugin <= 1.5 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Nabil Irawan in WordPress Plugin WP System Information versions = 1.5...

WordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Printcart Web to Print Product Designer for WooCommerce versions = 2.4.7...