WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 is vulnerable to Deserialization of untrusted data
Software: Upking - Hiking Club WordPress Theme; Type: Theme; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Deserialization of untrusted data; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High 9.8; PSID: 34c449a0330d; Credits: Tran Nguyen...
WordPress WordPress Automatic plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Automatic versions <= 3.118.0...
WordPress Event List plugin <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin eventlist versions <= 2.0.4...
WordPress Tourfic plugin <= 2.14.5 - Missing Authorization in Multiple Functions vulnerability
Missing Authorization in Multiple Functions vulnerability discovered by WordFence in WordPress Plugin Tourfic versions <= 2.14.5...
WordPress Vibes plugin <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter vulnerability
Unauthenticated SQL Injection via resource Parameter vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Vibes versions <= 2.2.0...
WordPress Custom Query Shortcode plugin <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter vulnerability
Authenticated Contributor+ Path Traversal via lens Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Custom Query Shortcode versions <= 0.4.0...
WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by mcdruid in WordPress Plugin bidorbuy Store Integrator versions <= 2.12.0...
WordPress Theme Switcher Reloaded Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Skalucy in WordPress Plugin Theme Switcher Reloaded versions <= 1.1...
WordPress Taxi Booking Manager for WooCommerce plugin <= 1.3.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Denver Jackson in WordPress Plugin Taxi Booking Manager for WooCommerce versions <= 1.3.0...
WordPress NextGEN Gallery Search Plugin <= 2.12 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Skalucy in WordPress Plugin NextGEN Gallery Search versions <= 2.12...
WordPress Exertio Framework Plugin <= 1.3.3 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Frank in WordPress Plugin Exertio Framework versions <= 1.3.3...
WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 - Path Traversal Vulnerability
Path Traversal Vulnerability discovered by ch4r0n Patchstack Alliance in WordPress Theme Pro Bulk Watermark Plugin for WordPress versions <= 2.0...
WordPress Page Manager for Elementor Plugin <= 2.0.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by theviper17 in WordPress Plugin Page Manager for Elementor versions <= 2.0.5...
WordPress Nuss Theme <= 1.3.3 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Nuss versions <= 1.3.3...
WordPress Jannah Theme < 7.5.1 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions < 7.5.1...
WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Magazine Saga versions <= 1.2.7...
WordPress UPC/EAN/GTIN Code Generator Plugin <= 2.0.2 - Arbitrary File Deletion Vulnerability
Arbitrary File Deletion Vulnerability discovered by Mika in WordPress Plugin UPC/EAN/GTIN Code Generator versions <= 2.0.2...
WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Premium Age Verification / Restriction for WordPress versions <= 3.0.2...
WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin WP Easy Contact versions <= 4.0.1...
WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin WP Ticket Customer Service Software & Support Ticket System versions <= 6.0.2...
WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Employee Spotlight versions <= 5.1.1...
WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin YouTube Showcase versions <= 3.5.1...
WordPress Employee Directory – Staff Listing & Team Directory plugin for WordPress plugin <= 4.5.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Employee Directory – Staff Listing & Team Directory Plugin for WordPress versions <= 4.5.5...
WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Post Type Converter versions <= 0.6...
WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin XM-Backup versions <= 0.9.1...
WordPress Link View plugin <= 0.8.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Link View versions <= 0.8.0...
WordPress Savyour Affiliate Partner plugin <= 2.1.4 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Savyour Affiliate Partner versions <= 2.1.4...
WordPress Google XML News Sitemap plugin plugin <= 0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Google XML News Sitemap plugin versions <= 0.02...
WordPress Goal Tracker for Patreon plugin <= 0.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Goal Tracker for Patreon versions <= 0.4.6...
WordPress SEO For Images plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin SEO For Images versions <= 1.0.0...
WordPress Newsletter subscription optin module plugin <= 1.2.9 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Newsletter subscription optin module versions <= 1.2.9...
WordPress BetPress plugin <= 1.0.1 Lite - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin BetPress versions <= 1.0.1 Lite...
WordPress Table Editor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Table Editor versions <= 1.6.4...
WordPress Invisible Optin plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Invisible Optin versions <= 1.0...
WordPress WPAvatar plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin WPAvatar versions <= 1.9.4...
WordPress Tripadvisor Shortcode plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Jieun Kim Patchstack Alliance in WordPress Plugin Tripadvisor Shortcode versions <= 2.2...
WordPress Add Code To Head plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Bao - BlueRock in WordPress Plugin Add Code To Head versions <= 1.17...
WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin WordPress HTML versions <= 0.51...
WordPress Responsive Mobile-Friendly Tooltip plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Responsive Mobile-Friendly Tooltip versions <= 1.6.6...
WordPress Nuss Theme <= 1.3.3 is vulnerable to Local File Inclusion
Software: Nuss; Type: Theme; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49894; Patch priority: High; CVSS severity: High 8.1; PSID: 474ba3fe8fa5; Credits: Bonds; Required privilege: Unauthenticated; Published: 25...
WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 is vulnerable to Path Traversal
Software: Pro Bulk Watermark Plugin for WordPress; Type: Theme; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Path Traversal; CVE: CVE-2025-4956; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: cbe2badf404d; Credits: ch4r0n...
WordPress Jannah Theme <= 7.4.1 is vulnerable to Local File Inclusion
Software: Jannah; Type: Theme; Vulnerable versions: <= 7.4.1; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Local File Inclusion; CVE: CVE-2025-53334; Patch priority: High; CVSS severity: High 8.1; PSID: 923d1ba1de1e; Credits: Ananda Dhakal Patchstack; Required...
WordPress Magazine Saga Theme <= 1.2.7 is vulnerable to Local File Inclusion
Software: Magazine Saga; Type: Theme; Vulnerable versions: <= 1.2.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53227; Patch priority: High; CVSS severity: High 8.1; PSID: 9df23c335ced; Credits: Le Ngoc Anh; Required privilege: Unauthenticate...
WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Off-Canvas Sidebars & Menus Slidebars versions <= 0.5.8.5...
WordPress WP Last Modified Info plugin <= 1.9.4 - Remote Code Execution (RCE) vulnerability
Remote Code Execution RCE vulnerability discovered by zaim in WordPress Plugin WP Last Modified Info versions <= 1.9.4...
WordPress Global DNS Plugin <= 3.1.0 - Remote Code Execution (RCE) Vulnerability
Remote Code Execution RCE Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Global DNS versions <= 3.1.0...
WordPress Doliconnect Plugin <= 9.3.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Doliconnect versions <= 9.3.2...
WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin PDF for Gravity Forms + Drag And Drop Template Builder versions <= 6.5.0...
WordPress Festy theme <= 1.13.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Festy versions <= 1.13.0...
WordPress Pathfinder theme <= 1.16 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pathfinder versions <= 1.16...