WordPress Exchange Rates Plugin <= 1.2.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Exchange Rates versions = 1.2.5...

WordPress Event Feed for Eventbrite Plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Event Feed for Eventbrite versions = 1.3.2...

WordPress Mobile Contact Line Plugin <= 2.4.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by 0xbeven in WordPress Plugin Mobile Contact Line versions = 2.4.0...

WordPress PuzzleMe for WordPress Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin PuzzleMe for WordPress versions = 1.2.0...

WordPress PDF for WPForms Plugin <= 6.2.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin PDF for WPForms versions = 6.2.1...

WordPress Pie Calendar Plugin <= 1.2.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Pie Calendar versions = 1.2.8...

WordPress F4 Media Taxonomies Plugin <= 1.1.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin F4 Media Taxonomies versions = 1.1.4...

WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Frisbii Pay versions = 1.8.2.1...

WordPress WP Bannerize Pro Plugin <= 1.10.0 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin WP Bannerize Pro versions = 1.10.0...

WordPress Tooltipy Plugin <= 5.5.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by 63n0 in WordPress Plugin Tooltipy versions = 5.5.6...

WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bao - BlueRock in WordPress Plugin Posts Table with Search & Sort versions = 1.4.10...

WordPress PropertyHive Plugin <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin PropertyHive versions = 2.1.5...

WordPress Tickera Plugin <= 3.5.5.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Tickera versions = 3.5.5.6...

WordPress Gallery PhotoBlocks Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin Gallery PhotoBlocks versions = 1.3.1...

WordPress Latest Post Shortcode Plugin <= 14.0.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by 63n0 in WordPress Plugin Latest Post Shortcode versions = 14.0.3...

WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.5.9.1...

WordPress Cookie Notice & Consent Banner for GDPR & CCPA Compliance Plugin <= 1.7.11 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Cookie Notice & Consent Banner for GDPR & CCPA Compliance versions = 1.7.11...

WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Theme SaasLauncher versions = 1.3.0...

WordPress WP Delicious Plugin <= 1.8.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin WP Delicious versions = 1.8.7...

WordPress Mail Mint Plugin <= 1.18.5 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Le Cong Danh vodanh in WordPress Plugin Mail Mint versions = 1.18.5...

WordPress Surfer Plugin <= 1.6.4.574 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Hiro Code016Hiro in WordPress Plugin Surfer versions = 1.6.4.574...

WordPress If-So Dynamic Content Personalization Plugin <= 1.9.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin If-So Dynamic Content Personalization versions = 1.9.4...

WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Classified Listing versions = 5.0.6...

WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Paid Member Subscriptions versions = 2.15.9...

WordPress Order Delivery Date for WooCommerce Plugin <= 4.1.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Order Delivery Date for WooCommerce versions = 4.1.0...

WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Klarna Order Management for WooCommerce versions = 1.9.8...

WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by Muhammad Zidan Ali Mansur in WordPress Plugin wpForo Forum versions = 2.4.6...

WordPress MailOptin Plugin <= 1.2.75.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Fiqro Najiah in WordPress Plugin MailOptin versions = 1.2.75.0...

WordPress Brizy Plugin <= 2.7.12 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Peter Thaleikis in WordPress Plugin Brizy versions = 2.7.12...

WordPress Orbit Fox by ThemeIsle Plugin <= 3.0.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Michael in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.0...

WordPress Myour Theme <= 1.5.6 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh in WordPress Theme Myour versions = 1.5.6...

WordPress Wastia theme < 1.1.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wastia versions 1.1.3...

WordPress WP Abstracts plugin <= 2.7.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by timomangcut Patchstack Alliance in WordPress Plugin WP Abstracts versions = 2.7.4...

WordPress Oblo theme <= 2.2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Oblo versions = 2.2.4...

WordPress Malcure Malware Scanner plugin <= 16.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by domiee13 Patchstack Alliance in WordPress Plugin Malcure Malware Scanner versions = 16.8...

WordPress Quiz And Survey Master Plugin <= 10.2.5 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Quiz And Survey Master versions = 10.2.5...

WordPress Uxper Booking Plugin <= 1.3.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Uxper Booking versions = 1.3.3...

WordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin MasterStudy LMS versions = 3.6.15...

WordPress Assistant Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Martin Herancourt in WordPress Plugin WordPress Assistant versions = 1.5.2...

WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin InPost Gallery versions = 2.1.4.5...

WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin Spirit Framework versions = 1.2.13...

WordPress Sticky Side Buttons plugin < 2.0.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Sayandeep Dutta in WordPress Plugin Sticky Side Buttons versions 2.0.0...

WordPress TheGem (Elementor) theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ? in WordPress Theme TheGem Elementor versions = 5.10.5...

WordPress TheGem theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by ? in WordPress Theme TheGem versions = 5.10.5...

Drupal Acquia DAM module < 1.1.5 - Unauthenticated Multiple Vulnerabilities vulnerability

Unauthenticated Multiple Vulnerabilities vulnerability discovered by Brandon Goodwin bgoodie in WordPress Module Acquia DAM versions 1.1.5...

WordPress SaasLauncher Theme <= 1.3.0 is vulnerable to Broken Access Control

Software SaasLauncher Type Theme Vulnerable versions = 1.3.0 Fixed in 1.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58606 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 64c990d710df Credits Denver Jackson Required privilege...

WordPress Oblo Theme <= 2.2.4 is vulnerable to Local File Inclusion

Software Oblo Type Theme Vulnerable versions = 2.2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48290 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 513d4a3a8bf3 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Requir...

WordPress Post SMTP plugin <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Plugin Option Update vulnerability discovered by WordFence in WordPress Plugin Post SMTP versions = 3.4.1...

WordPress Vayu Blocks plugin <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Block Attributes vulnerability discovered by WordFence in WordPress Plugin Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce versions = 1.3.9...

WordPress FluentForm plugin 5.1.16-6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read

Authenticated Subscriber+ PHP Object Injection To Arbitrary File Read vulnerability discovered by Webbernaut in WordPress Plugin FluentForm versions 5.1.16-6.1.1...