WordPress Penci Podcast Plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Podcast versions <= 1.6...
WordPress Penci Recipe Plugin <= 4.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Recipe versions <= 4.0...
WordPress Penci Portfolio Plugin <= 3.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Portfolio versions <= 3.5...
WordPress Penci Shortcodes & Performance Plugin < 6.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Shortcodes & Performance versions < 6.1...
WordPress Soledad Theme <= 8.6.8 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Soledad versions <= 8.6.8...
WordPress Soledad Theme <= 8.6.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Soledad versions <= 8.6.8...
WordPress Media Library Assistant Plugin <= 3.28 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Media Library Assistant versions <= 3.28...
WordPress wpDiscuz Plugin <= 7.6.33 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Legion Hunter in WordPress Plugin wpDiscuz versions <= 7.6.33...
WordPress Make Column Clickable Elementor Plugin <= 1.6.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Ritsuy in WordPress Plugin Make Column Clickable Elementor versions <= 1.6.0...
WordPress Colibri Page Builder Plugin < 1.0.334 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by savphill in WordPress Plugin Colibri Page Builder versions < 1.0.334...
WordPress CouponXxL Theme <= 4.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software CouponXxL Type Theme Vulnerable versions <= 4.5.0 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery (CSRF) CVE CVE-2025-58013 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7ea2a224d874 Credits Bonds Required privilege...
WordPress imEvent Theme <= 3.4.0 is vulnerable to Broken Access Control
Software imEvent Type Theme Vulnerable versions <= 3.4.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58243 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8a9b5f890122 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress Core <= 6.8.2 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Type WordPress Core Vulnerable versions <= 6.8.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2025-58674 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5699e05fdc3a Credits savphill Required privilege Author...
WordPress Core <= 6.8.2 is vulnerable to Sensitive Data Exposure
Software WordPress Type WordPress Core Vulnerable versions <= 6.8.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2025-58246 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1cbfa3e3eda1 Credits Abu Hurayra Required...
WordPress Soledad Theme <= 8.6.8 is vulnerable to Cross Site Scripting (XSS)
Software Soledad Type Theme Vulnerable versions <= 8.6.8 Fixed in 8.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2025-59589 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 129327b97bb0 Credits João Pedro S Alcântara Kinorth Required privile...
WordPress Soledad Theme <= 8.6.8 is vulnerable to Local File Inclusion
Software Soledad Type Theme Vulnerable versions <= 8.6.8 Fixed in 8.6.9 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-59588 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID f13a1bdefc14 Credits João Pedro S Alcântara Kinorth Required privilege...
WordPress Constructo Theme <= 4.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software Constructo Type Theme Vulnerable versions <= 4.3.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2025-58244 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 60cf627805f3 Credits Tran Nguyen Bao Khanh VCI -...
WordPress Nokri Theme <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Nokri Type Theme Vulnerable versions <= 1.6.4 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery (CSRF) CVE CVE-2025-58259 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 2379088ca94b Credits Tran Nguyen Bao Khanh VCI -...
WordPress Findgo Theme <= 1.3.55 is vulnerable to Cross Site Request Forgery (CSRF)
Software Findgo Type Theme Vulnerable versions <= 1.3.55 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2025-58250 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 3d6b8977539c Credits Tran Nguyen Bao Khanh VCI - VN...
WordPress DriCub Theme <= 2.9 is vulnerable to Broken Access Control
Software DriCub Type Theme Vulnerable versions <= 2.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58004 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 170d8c12fcfe Credits Bonds Required privilege Unauthenticated...
WordPress DriCub Theme <= 2.9 is vulnerable to Server Side Request Forgery (SSRF)
Software DriCub Type Theme Vulnerable versions <= 2.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Server Side Request Forgery (SSRF) CVE CVE-2025-58005 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1d20e3f4bf71 Credits Bonds Required privilege Unauthenticated...
WordPress WPLMS Theme <= 4.970 is vulnerable to Broken Access Control
Software WPLMS Type Theme Vulnerable versions <= 4.970 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58668 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b45c9c5a0459 Credits Rafie Muhammad Patchstack Required privile...
WordPress Ads by WPQuads Plugin <= 2.0.94 is vulnerable to Cross Site Scripting (XSS)
Software Ads by WPQuads Type Plugin Vulnerable versions <= 2.0.94 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2025-53459 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4aae3292fa40 Credits Fiqro Najiah Required privilege...
WordPress Import Markdown Plugin <= 1.14 is vulnerable to Cross Site Scripting (XSS)
Software Import Markdown Type Plugin Vulnerable versions <= 1.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting (XSS) CVE CVE-2025-57901 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3d88e282a665 Credits minseok Kim Required privilege Contributo...
WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Najib Sinjari in WordPress Plugin Advanced Custom Fields : CPT Options Pages versions <= 2.0.9...
WordPress Simple User Registration plugin <= 6.8 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple User Registration versions <= 6.8...
WordPress SEO Pyramid plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin SEO Pyramid versions <= 1.9.8...
WordPress Likert Survey Master plugin <= 0.8.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Likert Survey Master versions <= 0.8.0.1...
WordPress Dokan plugin <= 4.1.3 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Dokan versions <= 4.1.3...
WordPress Booking and Rental Manager plugin <= 2.5.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Booking and Rental Manager versions <= 2.5.4...
WordPress osTicket WP Bridge plugin <= 1.9.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin osTicket WP Bridge versions <= 1.9.2...
WordPress Custom Login And Signup Widget plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by sk4r1 in WordPress Plugin Custom Login And Signup Widget versions <= 1.0...
WordPress Browser Sniff plugin <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Browser Sniff versions <= 2.3...
WordPress SupportCandy plugin <= 3.3.7 - Authentication Bypass to Support Session Takeover vulnerability
Authentication Bypass to Support Session Takeover vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin SupportCandy versions <= 3.3.7...
WordPress ClickWhale plugin <= 2.5.0 - Authenticated (Admin+) SQL injection vulnerability
Authenticated (Admin+) SQL injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin ClickWhale versions <= 2.5.0...
WordPress Secure Passkeys plugin <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Secure Passkeys versions <= 1.2.1...
WordPress Internal Links Manager plugin <= 3.0.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by WordFence in WordPress Plugin Internal Links Manager versions <= 3.0.1...
WordPress SureForms – Drag and Drop Form Builder for WordPress plugin <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation vulnerability
Missing Authorization to Authenticated (Contributor+) Form Creation vulnerability discovered by Alex in WordPress Plugin SureForms versions <= 1.12.0...
WordPress Draft List plugin <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Whyshealwaysbrokeme in WordPress Plugin Draft List versions <= 2.6...
WordPress Robcore Netatmo plugin <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode vulnerability
Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Robcore Netatmo versions <= 1.7...
WordPress Miniorange OTP Verification with Firebase plugin 3.1.0-3.6.2 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Miniorange OTP Verification with Firebase versions 3.1.0-3.6.2...
WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WooCommerce Orders & Customers Exporter versions <= 5.4...
WordPress Author: Munzir plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Author: Munzir versions <= 0.9...
WordPress Triss theme <= 2.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Triss versions <= 2.6...
WordPress WhatsApp Chat for WordPress and WooCommerce plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WhatsApp Chat for WordPress and WooCommerce versions <= 1.2.1...
WordPress Embed PDF for WPForms plugin <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by theviper17y in WordPress Plugin Embed PDF for WPForms versions <= 1.1.5...
WordPress Service Finder Bookings plugin <= 6.0 - Unauthenticated Privilege Escalation via claim_business vulnerability
Unauthenticated Privilege Escalation via claim_business vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions <= 6.0...
WordPress Download Manager plugin <= 3.3.23 - Reflected Cross-Site Scripting via `user_ids` Parameter vulnerability
Reflected Cross-Site Scripting via `user_ids` Parameter vulnerability discovered by vgo0 in WordPress Plugin Download Manager versions <= 3.3.23...
WordPress Service Finder SMS System plugin <= 2.0.0 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by Foxyyy in WordPress Plugin Service Finder SMS System versions <= 2.0.0...
WordPress Kubio AI Page Builder plugin <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation vulnerability discovered by wesley wcraft in WordPress Plugin Kubio AI Page Builder versions <= 2.6.3...