WordPress Park - Creative Portfolio WordPress theme theme <= 1.6 - Local File Inclusion vulnerability
WordPress Park - Creative Portfolio WordPress theme theme <= 1.6 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Park - Creative Portfolio WordPress Theme versions <= 1.6...
WordPress Kapena theme <= 1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kapena versions <= 1.2...
WordPress Seppo - Corporate One Page WordPress theme theme <= 1.4 - Local File Inclusion vulnerability
WordPress Seppo - Corporate One Page WordPress theme theme <= 1.4 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Seppo - Corporate One Page WordPress Theme versions <= 1.4...
WordPress Meelo - Corporate One Page WordPress theme theme <= 1.4 - Local File Inclusion vulnerability
WordPress Meelo - Corporate One Page WordPress theme theme <= 1.4 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Meelo - Corporate One Page WordPress Theme versions <= 1.4...
WordPress Pekko theme <= 1.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pekko versions <= 1.3...
WordPress Romea - Personal Portfolio WordPress theme theme <= 1.6 - Local File Inclusion vulnerability
WordPress Romea - Personal Portfolio WordPress theme theme <= 1.6 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Romea - Personal Portfolio WordPress Theme versions <= 1.6...
WordPress Blanka - One Page WordPress Theme Theme < 1.5 - Local File Inclusion Vulnerability
WordPress Blanka - One Page WordPress Theme Theme < 1.5 - Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Blanka - One Page WordPress Theme versions < 1.5...
WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Tiktok Feed versions <= 1.0.21...
WordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Denver Jackson in WordPress Plugin Image Gallery block – Create and display photo gallery/photo album. versions <= 1.0.7...
WordPress Info Cards Plugin <= 1.0.11 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Info Cards versions <= 1.0.11...
WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Denver Jackson in WordPress Plugin Parallax Section block versions <= 1.0.9...
WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin B Slider versions <= 1.1.30...
WordPress Drag and Drop File Upload for Elementor Forms Plugin <= 1.5.3 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Drag and Drop File Upload for Elementor Forms versions <= 1.5.3...
WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by ch4r0n in WordPress Plugin Premium Age Verification / Restriction for WordPress versions <= 3.0.2...
WordPress Chartbeat Plugin <= 2.0.7 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) Vulnerability discovered by Martin Herancourt in WordPress Plugin Chartbeat versions <= 2.0.7...
WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 - Deserialization of untrusted data Vulnerability
WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 - Deserialization of untrusted data Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Upking - Hiking Club WordPress Theme versions <= 1.4...
WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Zephyr Project Manager versions <= 3.3.201...
WordPress Advance Seat Reservation Management for WooCommerce plugin <= 3.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin Advance Seat Reservation Management for WooCommerce versions <= 3.1...
WordPress Jina - Celebration Agency Theme Theme <= 1.6 - Deserialization of untrusted data Vulnerability
WordPress Jina - Celebration Agency Theme Theme <= 1.6 - Deserialization of untrusted data Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Jina - Celebration Agency Theme versions <= 1.6...
WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Bonds in WordPress Theme Golo versions <= 1.7.1...
WordPress Javo Core plugin <= 3.0.0.529 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by Bonds in WordPress Plugin Javo Core versions <= 3.0.0.529...
WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability
Arbitrary File Deletion Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce csv import export versions <= 2.0.6...
WordPress WooCommerce Payment Gateway for Saferpay Plugin <= 0.4.9 - Path Traversal Vulnerability
Path Traversal Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin WooCommerce Payment Gateway for Saferpay versions <= 0.4.9...
WordPress Gutenify Plugin <= 1.5.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Gutenify versions <= 1.5.4...
WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin <= 19.11.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage versions <= 19.11.0...
WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin All Bootstrap Blocks versions <= 1.3.28...
WordPress Uncode theme < 2.9.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Uncode versions < 2.9.4.4...
WordPress Yahoo! WebPlayer Plugin <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by johska in WordPress Plugin Yahoo! WebPlayer versions <= 2.0.6...
WordPress Captcha.eu Plugin < 1.0.61 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Captcha.eu versions < 1.0.61...
WordPress Theme Blvd Widget Areas Plugin <= 1.3.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Theme Blvd Widget Areas versions <= 1.3.0...
WordPress XmasB Quotes Plugin <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Skalucy in WordPress Plugin XmasB Quotes versions <= 1.6.1...
WordPress Cars4Rent Theme <= 1.4.2 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cars4Rent versions <= 1.4.2...
WordPress The Restaurant Theme <= 1.4.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Restaurant versions <= 1.4.1...
WordPress Rozario Theme <= 1.4 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rozario versions <= 1.4...
WordPress Cars4Rent Theme <= 1.4.2 is vulnerable to PHP Object Injection
Software: Cars4Rent; Type: Theme; Vulnerable versions: <= 1.4.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49434; Patch priority: High; CVSS severity: High (9.8); PSID: 74545c19b3cf; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress The Restaurant Theme <= 1.4.1 is vulnerable to PHP Object Injection
Software: The Restaurant; Type: Theme; Vulnerable versions: <= 1.4.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High (9.8); PSID: b3568a9880cd; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress Rozario Theme <= 1.4 is vulnerable to PHP Object Injection
Software: Rozario; Type: Theme; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High (9.8); PSID: 49288bc6ac10; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Jina - Celebration Agency Theme Theme <= 1.6 is vulnerable to Deserialization of untrusted data
Software: Jina - Celebration Agency Theme; Type: Theme; Vulnerable versions: <= 1.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Deserialization of untrusted data; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High (9.8); PSID: a8ebcdebaccc; Credits: Tran Nguyen Bao...
WordPress Golo Theme <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: Golo; Type: Theme; Vulnerable versions: <= 1.7.1; Fixed in: 1.7.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-54724; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 9a5f34e954ab; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 is vulnerable to Deserialization of untrusted data
Software: Upking - Hiking Club WordPress Theme; Type: Theme; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Deserialization of untrusted data; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High (9.8); PSID: 34c449a0330d; Credits: Tran Nguyen...
WordPress WordPress Automatic plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Automatic versions <= 3.118.0...
WordPress Event List plugin <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin eventlist versions <= 2.0.4...
WordPress Tourfic plugin <= 2.14.5 - Missing Authorization in Multiple Functions vulnerability
Missing Authorization in Multiple Functions vulnerability discovered by WordFence in WordPress Plugin Tourfic versions <= 2.14.5...
WordPress Vibes plugin <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter vulnerability
Unauthenticated SQL Injection via `resource` Parameter vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Vibes versions <= 2.2.0...
WordPress Custom Query Shortcode plugin <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter vulnerability
Authenticated (Contributor+) Path Traversal via lens Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Custom Query Shortcode versions <= 0.4.0...
WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability discovered by mcdruid in WordPress Plugin bidorbuy Store Integrator versions <= 2.12.0...
WordPress Theme Switcher Reloaded Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Skalucy in WordPress Plugin Theme Switcher Reloaded versions <= 1.1...
WordPress Taxi Booking Manager for WooCommerce plugin <= 1.3.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Denver Jackson in WordPress Plugin Taxi Booking Manager for WooCommerce versions <= 1.3.0...
WordPress NextGEN Gallery Search Plugin <= 2.12 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Skalucy in WordPress Plugin NextGEN Gallery Search versions <= 2.12...
WordPress Exertio Framework Plugin <= 1.3.3 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Frank in WordPress Plugin Exertio Framework versions <= 1.3.3...