WordPress Portfolio Manager Pro Plugin 3.8 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Portfolio Manager Pro versions 3.8...
WordPress WP Voting Contest plugin <= 5.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WP Voting Contest versions <= 5.8...
WordPress s2Member Plugin <= 250701 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by ChuongVN in WordPress Plugin s2Member versions <= 250701...
WordPress Jobmonster Theme <= 4.7.9 - Broken Authentication Vulnerability
Broken Authentication Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Jobmonster versions <= 4.7.9...
WordPress bxSlider integration for WordPress plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin bxSlider integration for WordPress versions <= 1.7.2...
WordPress Site Offline plugin <= 1.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Site Offline versions <= 1.5.7...
WordPress Video Gallery – Vimeo and YouTube Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Prissy Patchstack Alliance in WordPress Plugin Video Gallery – Vimeo and YouTube Gallery versions <= 1.1.7...
WordPress Child Themes plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Child Themes versions <= 1.0.1...
WordPress AutoWP plugin <= 2.2.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin AutoWP versions <= 2.2.4...
WordPress Kento Splash Screen plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Kento Splash Screen versions <= 1.4...
WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Clickbank WordPress Plugin (Niche Storefront) versions <= 1.3.5...
WordPress Better Post & Filter Widgets for Elementor plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abu Hurayra Patchstack Alliance in WordPress Plugin Better Post & Filter Widgets for Elementor versions <= 1.6.1...
WordPress ProveSource Social Proof plugin <= 3.1.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Bao BlueRock in WordPress Plugin ProveSource Social Proof versions <= 3.1.2...
WordPress SUMO Memberships for WooCommerce plugin <= 7.8.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by 0xd4rk5id3 in WordPress Plugin SUMO Memberships for WooCommerce versions <= 7.8.0...
WordPress Magazine Elite Theme <= 1.2.4 is vulnerable to Local File Inclusion
Software: Magazine Elite; Type: Theme; Vulnerable versions: <= 1.2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53244; Patch priority: High; CVSS severity: High 8.1; PSID: da2ed7dcedc4; Credits: Le Ngoc Anh; Required privilege: Unauthenticat...
WordPress Golo Theme <= 1.7.0 is vulnerable to Broken Authentication
Software: Golo; Type: Theme; Vulnerable versions: <= 1.7.0; Fixed in: 1.7.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54725; Patch priority: High; CVSS severity: High 9.8; PSID: a2ab39e8e113; Credits: Aiden; Required...
WordPress Glamer Theme <= 1.0.2 is vulnerable to Local File Inclusion
Software: Glamer; Type: Theme; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53216; Patch priority: High; CVSS severity: High 8.1; PSID: 93baa314ee0c; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress Kalium Theme <= 3.18.3 is vulnerable to Broken Access Control
Software: Kalium; Type: Theme; Vulnerable versions: <= 3.18.3; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Broken Access Control; CVE: CVE-2025-53348; Patch priority: Low; CVSS severity: Low 5.3; PSID: f2f57429b255; Credits: Ananda Dhakal Patchstack; Required privilege...
WordPress Magazine Theme <= 1.2.2 is vulnerable to Local File Inclusion
Software: Magazine; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53248; Patch priority: High; CVSS severity: High 8.1; PSID: c0ab4f8e53f9; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress BlogMarks Theme <= 1.0.8 is vulnerable to Local File Inclusion
Software: BlogMarks; Type: Theme; Vulnerable versions: <= 1.0.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53247; Patch priority: High; CVSS severity: High 8.1; PSID: 7553f479b27f; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress Organic Beauty Theme <= 1.4.6 is vulnerable to PHP Object Injection
Software: Organic Beauty; Type: Theme; Vulnerable versions: <= 1.4.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49890; Patch priority: High; CVSS severity: High 9.8; PSID: d8832a3c672f; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Jobmonster Theme <= 4.7.9 is vulnerable to Broken Authentication
Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.7.9; Fixed in: 4.8.0; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-54738; Patch priority: High; CVSS severity: High 9.8; PSID: 87e1e5542be4; Credits: Tran Nguyen...
WordPress Bible SuperSearch plugin <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Bible SuperSearch versions <= 6.0.1...
WordPress WP Webhooks plugin <= 3.3.5 - Unauthenticated Arbitrary File Copy vulnerability
Unauthenticated Arbitrary File Copy vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Webhooks versions <= 3.3.5...
WordPress Inspiro plugin <= 2.1.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Inspiro versions <= 2.1.2...
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.5.0 - Missing Authorization to Donation Update vulnerability
Missing Authorization to Donation Update vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin GiveWP versions <= 4.5.0...
WordPress Sello ChannelConnector plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Sello ChannelConnector versions <= 1.6.3...
WordPress Kanpress plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jieun Kim Patchstack Alliance in WordPress Plugin Kanpress versions <= 1.1...
WordPress Yandex Site search pinger plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Yandex Site search pinger versions <= 1.5...
WordPress Risk Free Cash On Delivery (COD) – WooCommerce plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Risk Free Cash On Delivery (COD) – WooCommerce versions <= 1.0.4...
WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Varnish/Nginx Proxy Caching versions <= 1.8.3...
WordPress Century ToolKit plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerability
Cross Site Request Forgery (CSRF) to Arbitrary Plugin Activation vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Century ToolKit versions <= 1.2.1...
WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin WP Funnel Manager versions <= 1.4.0...
WordPress ATT YouTube Widget plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross Site Request Forgery (CSRF) to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin ATT YouTube Widget versions <= 1.0...
WordPress Listeo-Core Plugin < 2.0.7 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin Listeo Core versions < 2.0.7...
WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Ovatheme Events versions <= 1.2.8...
WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sala versions <= 1.1.6...
WordPress Kitring Theme <= 2.8 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Kitring versions <= 2.8...
WordPress Support Ticket Plugin <= 1.9 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Support Ticket versions <= 1.9...
WordPress Hesabfa Accounting plugin <= 2.2.5 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Hesabfa Accounting versions <= 2.2.5...
WordPress Hesabfa Accounting plugin <= 2.2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Hesabfa Accounting versions <= 2.2.5...
WordPress LifePress plugin <= 2.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by l8BL in WordPress Plugin LifePress versions <= 2.1.3...
WordPress ads.txt Guru Connect Plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin ads.txt Guru Connect versions <= 1.1.1...
WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability
WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme JobZilla - Job Board WordPress Theme versions <= 2.0...
WordPress Notice Bar Plugin <= 3.1.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Notice Bar versions <= 3.1.3...
WordPress Sign-up Sheets Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Sign-up Sheets versions <= 2.3.3...
WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Themify Audio Dock versions <= 2.0.5...
WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Themify Icons versions <= 2.0.3...
WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Themify Builder versions <= 7.6.7...
WordPress Colorbox Lightbox Plugin <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin Colorbox Lightbox versions <= 1.1.5...