WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Makeaholic versions = 1.8.5...

WordPress Transcoder Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Transcoder versions = 1.4.0...

WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 6.2.0...

WordPress ElementInvader Addons for Elementor Plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin ElementInvader Addons for Elementor versions = 1.3.6...

WordPress Podlove Podcast Publisher Plugin <= 4.2.5 - Open Redirection Vulnerability

Open Redirection Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Podlove Podcast Publisher versions = 4.2.5...

WordPress Solace Extra Plugin <= 1.3.2 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Solace Extra versions = 1.3.2...

WordPress Simple Page Access Restriction Plugin <= 1.0.32 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Page Access Restriction versions = 1.0.32...

WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin AfterShip Tracking versions = 1.17.17...

WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Xpro Theme Builder versions = 1.2.9...

WordPress Simple Download Monitor Plugin <= 3.9.34 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Simple Download Monitor versions = 3.9.34...

WordPress UiCore Elements Plugin <= 1.3.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin UiCore Elements versions = 1.3.4...

WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin Xpro Elementor Addons versions = 1.4.17...

WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Bold Page Builder versions = 5.4.3...

WordPress Uncanny Automator Plugin <= 6.7.0.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Uncanny Automator versions = 6.7.0.1...

WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin WP Bulk Delete versions = 1.3.6...

WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WpEvently versions = 4.4.8...

WordPress JS Archive List Plugin < 6.1.6 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Bao BlueRock in WordPress Plugin JS Archive List versions 6.1.6...

WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability

WordPress Otter - Gutenberg Block Plugin = 3.1.0 - Sensitive Data Exposure Vulnerability discovered by Abu Hurayra in WordPress Plugin Otter - Gutenberg Block versions = 3.1.0...

WordPress Neresa Theme <= 1.3 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Neresa versions = 1.3...

WordPress Houzez Theme <= 4.1.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Houzez versions = 4.1.1...

WordPress Houzez Theme <= 4.1.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Houzez versions = 4.1.1...

WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Ireca versions = 1.8.5...

WordPress Houzez CRM Plugin <= 1.4.7 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Houzez CRM versions = 1.4.7...

WordPress Zippy plugin <= 1.7.0 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by 63n0 in WordPress Plugin Zippy versions = 1.7.0...

WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Bonds in WordPress Plugin Nest Addons versions = 1.6.3...

WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin ThemeREX Addons versions = 2.36.1.1...

WordPress Pin WP theme < 7.2 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Pin WP versions 7.2...

WordPress Printeers Print & Ship plugin <= 1.17.0 - Directory Traversal vulnerability

Directory Traversal vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Printeers Print & Ship versions = 1.17.0...

WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by 0xd4rk5id3 in WordPress Plugin SUMO Memberships for WooCommerce versions 7.8.0...

WordPress WooTour plugin <= 3.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooTour versions = 3.6.3...

Drupal Facets module < 2.0.10,3.0.0 - Unauthenticated Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure vulnerability discovered by Damien McKenna damienmckenna in WordPress Module Facets versions 2.0.10,3.0.0...

Drupal Protected Pages module < 1.8.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Protected Pages versions 1.8.0...

Drupal API Key manager module * - Authenticated Other Vulnerability Type vulnerability

Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module API Key manager versions...

Drupal Authenticator Login module < 2.1.8 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Authenticator Login versions 2.1.8...

Drupal Owl Carousel 2 module * - Authenticated Other Vulnerability Type vulnerability

Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module Owl Carousel 2 versions...

Drupal Synchronize composer.json With Contrib Modules module * - Authenticated Other Vulnerability Type vulnerability

Authenticated Other Vulnerability Type vulnerability discovered by Drupal Security Site in WordPress Module Synchronize composer.json With Contrib Modules versions...

WordPress ArcHub Theme <= 1.2.12 is vulnerable to Broken Access Control

Software ArcHub Type Theme Vulnerable versions = 1.2.12 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2025-0951 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID deda1a0a86d7 Credits Lucio Sá Required...

WordPress Hub Theme <= 1.2.12 is vulnerable to Broken Access Control

Software Hub Type Theme Vulnerable versions = 1.2.12 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2025-0951 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 57e47f19b73d Credits Lucio Sá Required...

WordPress Makeaholic Theme <= 1.8.5 is vulnerable to Broken Access Control

Software Makeaholic Type Theme Vulnerable versions = 1.8.5 Fixed in 1.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58210 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID de9323d56155 Credits Tran Nguyen Bao Khanh VCI - VNPT...

WordPress Pin WP Theme < 7.2 is vulnerable to Arbitrary File Upload

Software Pin WP Type Theme Vulnerable versions 7.2 Fixed in 7.2 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2025-53251 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 85f8a3209836 Credits Bonds Required privilege Subscriber Published 27 August...

WordPress Neresa Theme <= 1.3 is vulnerable to Local File Inclusion

Software Neresa Type Theme Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49383 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID fb80e42ea19b Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Requir...

WordPress Houzez Theme <= 4.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Houzez Type Theme Vulnerable versions = 4.1.1 Fixed in 4.1.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-49407 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 614465758d60 Credits Rafie Muhammad Patchstack Required privile...

WordPress Houzez Theme <= 4.1.1 is vulnerable to Local File Inclusion

Software Houzez Type Theme Vulnerable versions = 4.1.1 Fixed in 4.1.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49405 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID c84fd40ba09c Credits Rafie Muhammad Patchstack Required privilege...

WordPress Ireca Theme <= 1.8.5 is vulnerable to Local File Inclusion

Software Ireca Type Theme Vulnerable versions = 1.8.5 Fixed in 1.8.6 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-54716 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID cf5edcb41428 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

Drupal Facets module < 2.0.10,3.0.0 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Facets versions 2.0.10,3.0.0...

WordPress Lazy Load for Videos plugin <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability discovered by Webbernaut in WordPress Plugin Lazy Load for Videos versions = 2.18.7...

WordPress All-in-One WP Migration and Backup plugin <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Import vulnerability discovered by Jack Pas Dark. in WordPress Plugin All-in-One WP Migration versions = 7.97...

WordPress SiteSEO plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Broken Regex Expression vulnerability discovered by stealthcopter in WordPress Plugin SiteSEO versions = 1.2.7...

WordPress Dokan Pro plugin <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation vulnerability

Authenticated Vendor+ Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin Dokan Pro versions = 4.0.5...

WordPress Opta theme <= 1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Opta versions = 1.7...