46067 matches found
WordPress The Flash theme <= 1.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Flash versions <= 1.15...
WordPress Chinchilla theme <= 1.16 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Chinchilla versions <= 1.16...
WordPress Playful theme <= 1.19.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Playful versions <= 1.19.0...
WordPress Sanger theme <= 1.24.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sanger versions <= 1.24.0...
WordPress Tourimo theme <= 1.2.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tourimo versions <= 1.2.3...
WordPress Wanderic theme <= 1.0.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wanderic versions <= 1.0.10...
WordPress Fribbo theme <= 1.1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fribbo versions <= 1.1.0...
WordPress Integro theme <= 1.8.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Integro versions <= 1.8.0...
WordPress Otaku theme <= 1.8.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Otaku versions <= 1.8.0...
WordPress HealthHub theme <= 1.3.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme HealthHub versions <= 1.3.0...
WordPress Frame theme <= 2.4.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Frame versions <= 2.4.0...
WordPress UniTravel theme <= 1.4.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme UniTravel versions <= 1.4.2...
WordPress Takeout theme <= 1.3.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Takeout versions <= 1.3.0...
WordPress Kipso Theme <= 1.3.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kipso versions <= 1.3.4...
WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin miniOrange's Google Authenticator versions <= 6.1.1...
WordPress Ai Image Alt Text Generator for WP Plugin <= 1.1.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Ai Image Alt Text Generator for WP versions <= 1.1.5...
WordPress PDF for Contact Form 7 plugin <= 6.5.0 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Phat RiO in WordPress Plugin PDF for Contact Form 7 versions <= 6.5.0...
WordPress PDF for WPForms plugin <= 6.5.0 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Phat RiO in WordPress Plugin PDF for WPForms versions <= 6.5.0...
WordPress PDF Invoice Builder for WooCommerce plugin <= 6.5.0 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Phat RiO in WordPress Plugin PDF Invoice Builder for WooCommerce versions <= 6.5.0...
WordPress 多说社会化评论框 plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery (CSRF) to Settings Change vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin 多说社会化评论框 versions <= 1.2...
WordPress Mesa Mesa Reservation Widget plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Mesa Mesa Reservation Widget versions <= 1.0.0...
WordPress 百度分享按钮 plugin <= 1.0.6 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin 百度分享按钮 versions <= 1.0.6...
WordPress Ultimate twitter profile widget plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Ultimate twitter profile widget versions <= 1.0...
WordPress Kipso Theme <= 1.3.4 is vulnerable to Local File Inclusion
Software: Kipso; Type: Theme; Vulnerable versions: <= 1.3.4; Fixed in: 1.3.5; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53578; Patch priority: High; CVSS severity: High 8.1; Developer: DDM; PSID: a7a34f8de4f2; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity; Required...
WordPress Bravis User plugin <= 1.0.0 - Authentication Bypass to Account Takeover vulnerability
Authentication Bypass to Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Bravis User versions <= 1.0.0...
WordPress Case Theme User plugin <= 1.0.3 - Authentication Bypass via Social Login vulnerability
Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Case Theme User versions <= 1.0.3...
WordPress WP Filter & Combine RSS Feeds plugin <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion vulnerability
Missing Authorization to Authenticated (Contributor+) Feed Deletion vulnerability discovered by ch4r0n in WordPress Plugin WP Filter & Combine RSS Feeds versions <= 0.4...
WordPress Restore Permanently delete Post or Page Data plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Nabil Irawan in WordPress Plugin Restore Permanently delete Post or Page Data versions <= 1.0...
WordPress Silencesoft RSS Reader plugin <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion vulnerability
Cross-Site Request Forgery to RSS Feed Deletion vulnerability discovered by Nabil Irawan in WordPress Plugin Silencesoft RSS Reader versions <= 0.6...
WordPress WS Theme Addons plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WS Theme Addons versions <= 2.0.0...
WordPress Ogulo – 360° Tour plugin <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Ogulo – 360° Tour versions <= 1.0.11...
WordPress Ni WooCommerce Customer Product Report plugin <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by ch4r0n in WordPress Plugin Ni WooCommerce Customer Product Report versions <= 1.2.4...
WordPress WC Plus plugin <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation vulnerability
Missing Authorization to Unauthenticated Settings Manipulation vulnerability discovered by ch4r0n in WordPress Plugin WC Plus versions <= 1.2.0...
WordPress ShortcodeHub plugin <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin ShortcodeHub - MultiPurpose Shortcode Builder versions <= 1.7.1...
WordPress Wptobe-memberships plugin <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin Wptobe-memberships versions <= 3.4.2...
WordPress Simpler Checkout <= 1.1.13 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by kr0d in WordPress Plugin Simpler Checkout versions <= 1.1.13...
WordPress WP Talroo plugin <= 2.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Br0sck in WordPress Plugin WP Talroo versions <= 2.4...
WordPress IDonatePro plugin <= 2.1.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin IDonatePro versions <= 2.1.11...
WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions <= 6.5.0...
WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by D01EXPLOIT in WordPress Plugin Church Admin versions <= 5.0.26...
WordPress JobWP Plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin JobWP versions <= 2.4.3...
WordPress WPPizza Plugin <= 3.19.8 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin WPPizza versions <= 3.19.8...
WordPress WP Fast Total Search Plugin <= 1.79.270 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin WP Fast Total Search versions <= 1.79.270...
WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Simple Statistics for Feeds versions <= 20250322...
WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Recurring PayPal Donations versions <= 1.8...
WordPress Sessions Plugin <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Sessions versions <= 3.2.0...
WordPress Jobmonster Theme <= 4.8.0 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobmonster versions <= 4.8.0...
WordPress Jobmonster Theme <= 4.8.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobmonster versions <= 4.8.0...
WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability
Insecure Direct Object References (IDOR) Vulnerability discovered by n0arafatn0 in WordPress Plugin Accessibility Checker by Equalize Digital versions <= 1.30.0...
WordPress Fluent Support Plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Bao BlueRock in WordPress Plugin Fluent Support versions <= 1.9.1...