WordPress Amministrazione Trasparente plugin <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via print_r Function vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via printr Function vulnerability discovered by m3ssap0 in WordPress Plugin Amministrazione Trasparente versions = 9.0...

WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by mcdruid in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.7...

WordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin PostX versions = 4.1.36...

WordPress FitLine theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme FitLine versions = 1.6...

WordPress Harper theme <= 1.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Harper versions = 1.13...

WordPress Greeny theme <= 2.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Greeny versions = 2.6...

WordPress Rentic theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Rentic versions = 1.1...

WordPress Smash theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Smash versions = 1.7...

WordPress Catwalk theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Catwalk versions = 1.4...

WordPress Beautique theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Beautique versions = 1.5...

WordPress Assembly theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Assembly versions = 1.1...

WordPress Rally theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Rally versions = 1.1...

WordPress Convex theme <= 1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Convex versions = 1.11...

WordPress Hygia theme <= 1.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Hygia versions = 1.16...

WordPress Paragon theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Paragon versions = 1.1...

WordPress Legacy theme <= 1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Legacy versions = 1.9...

WordPress Algenix theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Algenix versions = 1.0...

WordPress Towny theme <= 1.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Towny versions = 1.16...

WordPress Alright theme <= 1.6.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Alright versions = 1.6.1...

WordPress Good Mood theme <= 1.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Good Mood versions = 1.16...

WordPress Critique theme <= 1.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Critique versions = 1.17...

WordPress Manufactory theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Manufactory versions = 1.4...

WordPress EcoGrow theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme EcoGrow versions = 1.7...

WordPress Vocal theme <= 1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Vocal versions = 1.12...

WordPress Athos theme <= 1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Athos versions = 1.9...

WordPress RockON DJ theme <= 3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme RockON DJ versions = 3.3...

WordPress Today's Date Inserter plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Todays Date Inserter versions = 1.2.1...

WordPress Floating Window Music Player plugin <= 3.4.2 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Skalucy in WordPress Plugin Floating Window Music Player versions = 3.4.2...

WordPress Easy Flash Embed plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Flash Embed versions = 1.0...

WordPress Miraculous Theme < 2.0.9 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Miraculous versions 2.0.9...

WordPress Miraculous theme < 2.0.9 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Miraculous versions 2.0.9...

WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Miraculous Core Plugin versions 2.0.9...

WordPress Clanora theme < 1.3.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Clanora versions 1.3.1...

WordPress Constant Contact for WordPress Plugin <= 4.1.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Constant Contact for WordPress versions = 4.1.1...

WordPress ProfileGrid plugin <= 5.9.5.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mohammed Ahmed Abd Elnabi in WordPress Plugin ProfileGrid versions = 5.9.5.7...

WordPress Miraculous Theme < 2.0.9 is vulnerable to SQL Injection

Software Miraculous Type Theme Vulnerable versions 2.0.9 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2025-58628 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 1d5cba84a439 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Required...

WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobmonster versions = 4.7.8...

WordPress Institutions Directory Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Institutions Directory versions = 1.3.3...

WordPress Woo Hoo theme <= 1.25 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Woo Hoo versions = 1.25...

WordPress Aromatica theme <= 1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Aromatica versions = 1.8...

WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Spock versions = 1.17...

WordPress 777 theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme 777 versions = 1.3...

WordPress Lione theme <= 1.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Lione versions = 1.16...

WordPress Ziston Theme < 1.4.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Ziston versions 1.4.5...

WordPress Indutri Theme < 1.3.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Indutri versions 1.3.0...

WordPress Hotel Listing plugin <= 1.4.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Hotel Listing versions = 1.4.0...

WordPress Hello Followers plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Hello Followers versions = 2.5...

WordPress Skyword API Plugin plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Skyword API Plugin versions = 2.5.2...

WordPress Epic Review Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Epic Review versions = 1.0.2...

WordPress ACF Recent Posts Widget plugin <= 5.9.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin ACF Recent Posts Widget versions = 5.9.3...