46055 matches found
WordPress Rehub Theme <= 19.9.7 is vulnerable to Sensitive Data Exposure
Software: Rehub; Type: Theme; Vulnerable versions: <= 19.9.7; Fixed in: 19.9.8; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Sensitive Data Exposure; CVE: CVE-2025-7368; Patch priority: Low; CVSS severity: Low (5.3); PSID: 2dc0fcd2d1f5; Credits: stealthcopter...
WordPress OceanWP Theme < 4.1.2 is vulnerable to Settings Change
Software: OceanWP; Type: Theme; Vulnerable versions: < 4.1.2; Fixed in: 4.1.2; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Settings Change; CVE: CVE-2025-8944; Patch priority: Low; CVSS severity: Low (5.4); PSID: e2cdad6661d0; Credits: Hamit Cibo; Required...
WordPress Flatsome plugin <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by stealthcopter in WordPress Theme Flatsome versions <= 3.20.0...
WordPress WordPress Helpdesk Integration plugin <= 5.8.10 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin WordPress Helpdesk Integration versions <= 5.8.10...
WordPress PopAd plugin <= 1.0.4 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin PopAd versions <= 1.0.4...
WordPress GlamChic theme <= 1.0.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme GlamChic versions <= 1.0.11...
WordPress Gardis theme <= 1.2.13 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gardis versions <= 1.2.13...
WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions <= 5.7.46...
WordPress Femme theme <= 1.3.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Femme versions <= 1.3.11...
WordPress Farm Agrico theme <= 1.3.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Farm Agrico versions <= 1.3.11...
WordPress Faith & Hope theme <= 2.13.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Faith & Hope versions <= 2.13.0...
WordPress Exit Game theme <= 1.4.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Exit Game versions <= 1.4.3...
WordPress Etta theme <= 1.14.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Etta versions <= 1.14.0...
WordPress Emberlyn theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Emberlyn versions <= 1.3.1...
WordPress Echo theme <= 1.15.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Echo versions <= 1.15.0...
WordPress EasyEat theme <= 1.9.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme EasyEat versions <= 1.9.0...
WordPress ChildHope theme <= 1.1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme ChildHope versions <= 1.1.8...
WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Zuut versions <= 1.4.2...
WordPress The Hospital theme <= 1.8.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Hospital versions <= 1.8.1...
WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Barber Shop versions <= 1.9...
WordPress Single Property theme <= 2.8 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Single Property versions <= 2.8...
WordPress Plan My Day theme <= 1.1.13 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plan My Day versions <= 1.1.13...
WordPress Monki theme <= 2.0.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Monki versions <= 2.0.5...
WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lagom versions <= 2.0...
WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Knowledge Base versions <= 2.9...
WordPress ITok theme <= 1.1.42 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by ? in WordPress Theme ITok versions <= 1.1.42...
WordPress Greenorganic theme <= 2.45 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Greenorganic versions <= 2.45...
WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Anonymous in WordPress Plugin Advanced Ads – Tracking versions < 3.0.7...
WordPress Flatsome Theme <= 3.20.0 is vulnerable to Cross Site Scripting (XSS)
Software: Flatsome; Type: Theme; Vulnerable versions: <= 3.20.0; Fixed in: 3.20.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-8684; Patch priority: Low; CVSS severity: Low (6.5); Developer: EPC; PSID: 9ed70267df34; Credits: stealthcopter; Required privilege: Contribut...
WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
Authenticated (Administrator+) Arbitrary File Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions <= 1.2.22...
WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution vulnerability
Authenticated (Administrator+) Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions <= 1.2.22...
WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read vulnerability
Authenticated (Administrator+) Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions <= 1.2.22...
WordPress Make Connector plugin <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Make, formerly Integromat Connector versions <= 1.5.10...
WordPress Easy Timer plugin <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode vulnerability
Authenticated (Editor+) Remote Code Execution via Shortcode vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Easy Timer versions <= 4.2.1...
WordPress Ai Engine plugin <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion vulnerability
Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions <= 2.9.5...
WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability
WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin LTL Freight Quotes - TQL Edition versions <= 1.2.6...
WordPress LTL Freight Quotes – Daylight Edition Plugin <= 2.2.7 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin LTL Freight Quotes – Daylight Edition versions <= 2.2.7...
WordPress LTL Freight Quotes – Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin LTL Freight Quotes – Day & Ross Edition versions <= 2.1.11...
WordPress Exit Intent Popup Plugin <= 1.0.1 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Exit Intent Popup versions <= 1.0.1...
WordPress Document Engine Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Document Engine versions <= 1.2...
WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Le Cong Danh vodanh in WordPress Plugin Contact Form By Mega Forms versions <= 1.6.1...
WordPress immonex Kickstart Plugin <= 1.11.6 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin immonex Kickstart versions <= 1.11.6...
WordPress Support Genix Plugin <= 1.4.23 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Support Genix versions <= 1.4.23...
WordPress PeachPay Payments Plugin <= 1.117.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin PeachPay Payments versions <= 1.117.4...
WordPress Booking Ultra Pro Plugin <= 1.1.21 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Booking Ultra Pro versions <= 1.1.21...
WordPress Dadevarzan WordPress Common Plugin <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin Dadevarzan WordPress Common versions <= 2.2.2...
WordPress IssueM Plugin <= 2.9.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin IssueM versions <= 2.9.0...
WordPress Simple Matomo Tracking Code Plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Simple Matomo Tracking Code versions <= 1.1.0...
WordPress RumbleTalk Live Group Chat Plugin <= 6.3.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin RumbleTalk Live Group Chat versions <= 6.3.5...
WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin WP Flow Plus versions <= 5.2.5...