46075 matches found
WordPress WP Fast Total Search Plugin <= 1.79.270 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin WP Fast Total Search versions <= 1.79.270...
WordPress Simple Statistics for Feeds Plugin <= 20250322 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Simple Statistics for Feeds versions <= 20250322...
WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Recurring PayPal Donations versions <= 1.8...
WordPress Sessions Plugin <= 3.2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Sessions versions <= 3.2.0...
WordPress Jobmonster Theme <= 4.8.0 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobmonster versions <= 4.8.0...
WordPress Jobmonster Theme <= 4.8.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobmonster versions <= 4.8.0...
WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability
Insecure Direct Object References (IDOR) Vulnerability discovered by n0arafatn0 in WordPress Plugin Accessibility Checker by Equalize Digital versions <= 1.30.0...
WordPress Fluent Support Plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Bao BlueRock in WordPress Plugin Fluent Support versions <= 1.9.1...
WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Greenshift versions <= 12.1.1...
WordPress Neptunus theme <= 1.0.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Neptunus versions <= 1.0.11...
WordPress Statify Widget plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin Statify Widget versions <= 1.4.6...
WordPress HeartStar theme <= 1.0.14 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme HeartStar versions <= 1.0.14...
WordPress Cerebrum theme <= 1.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Cerebrum versions <= 1.12...
WordPress Stallion theme <= 1.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Stallion versions <= 1.17...
WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Heart versions <= 1.8...
WordPress Pantry theme <= 1.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Pantry versions <= 1.4...
WordPress FitFlex theme <= 1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme FitFlex versions <= 1.6...
WordPress Advance Food Menu plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Vinit Lakra Patchstack Alliance in WordPress Plugin Advance Food Menu versions <= 1.0...
WordPress Palatio theme <= 1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Palatio versions <= 1.6...
WordPress Prisma theme <= 1.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Prisma versions <= 1.10...
WordPress Anubis theme <= 1.25 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Anubis versions <= 1.25...
WordPress tli.tl auto Twitter poster plugin <= 3.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jieun Kim Patchstack Alliance in WordPress Plugin tli.tl auto Twitter poster versions <= 3.4...
WordPress The Gig theme <= 1.18.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme The Gig versions <= 1.18.0...
WordPress Lunna theme <= 1.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Lunna versions <= 1.15...
WordPress Catamaran theme <= 1.15 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Catamaran versions <= 1.15...
WordPress Tacticool theme <= 1.0.13 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tacticool versions <= 1.0.13...
WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Bao BlueRock in WordPress Plugin Premmerce Brands for WooCommerce versions <= 1.2.13...
WordPress WP Admin Theme plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Ren Kikuchi Patchstack Alliance in WordPress Plugin WP Admin Theme versions <= 1.0...
WordPress Acclectic Media Organizer Plugin <= 1.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Legion Hunter in WordPress Plugin Acclectic Media Organizer versions <= 1.4...
WordPress Spacious plugin <= 1.9.11 - Missing Authorization to Authenticated (Subscriber+) Demo Data Import vulnerability
Missing Authorization to Authenticated (Subscriber+) Demo Data Import vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Spacious versions <= 1.9.11...
WordPress WP Crontrol plugin 1.17.0-1.19.1 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated (Administrator+) Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Crontrol versions 1.17.0-1.19.1...
WordPress Jobmonster Theme <= 4.8.0 is vulnerable to Cross Site Scripting (XSS)
Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.8.0; Fixed in: 4.8.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-57887; Patch priority: Low; CVSS severity: Low 6.5; PSID: 409b4cb6ad34; Credits: Ananda Dhakal Patchstack; Required privilege...
WordPress Spacious Theme <= 1.9.11 is vulnerable to Broken Access Control
Software: Spacious; Type: Theme; Vulnerable versions: <= 1.9.11; Fixed in: 1.9.12; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-9331; Patch priority: Low; CVSS severity: Low 4.3; PSID: bca30fd3c674; Credits: Dmitrii Ignatyev; Required privilege...
WordPress Jobmonster Theme <= 4.8.0 is vulnerable to Sensitive Data Exposure
Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.8.0; Fixed in: 4.8.1; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2025-57888; Patch priority: Low; CVSS severity: Low 5.3; PSID: d34cfa4cbbae; Credits: Ananda Dhakal Patchstack; Required...
WordPress IDonatePro plugin <= 2.1.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin IDonatePro versions <= 2.1.9...
WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin WP Mailgun SMTP versions <= 1.0.7...
WordPress Super Store Finder plugin <= 7.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Super Store Finder versions <= 7.5...
WordPress WPMU Ldap Authentication plugin <= 5.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WPMU Ldap Authentication versions <= 5.0.1...
WordPress Super Store Finder Plugin <= 7.6 - Reflected Cross Site Scripting (XSS) Vulnerability
Reflected Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Super Store Finder versions <= 7.6...
WordPress Kalium Theme <= 3.18.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Kalium versions <= 3.18.3...
WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Skalucy in WordPress Plugin e-Boekhouden.nl versions <= 1.9.3...
WordPress Magazine Elite Theme <= 1.2.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Magazine Elite versions <= 1.2.4...
WordPress Glamer Theme <= 1.0.2 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Glamer versions <= 1.0.2...
WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Magazine versions <= 1.2.2...
WordPress BlogMarks Theme <= 1.0.8 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme BlogMarks versions <= 1.0.8...
WordPress Portfolio Manager Pro Plugin 3.8 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Portfolio Manager Pro versions 3.8...
WordPress Miraculous Core Plugin Plugin <= 2.0.7 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Miraculous Core Plugin versions <= 2.0.7...
WordPress Organic Beauty Theme <= 1.4.6 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Organic Beauty versions <= 1.4.6...
WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin PressApps Knowledge Base Contextual Sidebar Addon versions <= 4.2.1...
WordPress Golo Theme <= 1.7.0 - Broken Authentication Vulnerability
Broken Authentication Vulnerability discovered by Rau má đậu xanh in WordPress Theme Golo versions <= 1.7.0...