46082 matches found
WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability
WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme JobZilla - Job Board WordPress Theme versions <= 2.0...
WordPress Notice Bar Plugin <= 3.1.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Notice Bar versions <= 3.1.3...
WordPress Sign-up Sheets Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nabil Irawan in WordPress Plugin Sign-up Sheets versions <= 2.3.3...
WordPress Themify Audio Dock Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nabil Irawan in WordPress Plugin Themify Audio Dock versions <= 2.0.5...
WordPress Themify Icons Plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Themify Icons versions <= 2.0.3...
WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin Themify Builder versions <= 7.6.7...
WordPress Colorbox Lightbox Plugin <= 1.1.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin Colorbox Lightbox versions <= 1.1.5...
WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin NEX-Forms versions <= 9.1.3...
WordPress WP Visitor Statistics (Real Time Traffic) Plugin <= 8.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Visitor Statistics (Real Time Traffic) versions <= 8.2...
WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Houzez versions <= 4.1.1...
WordPress Templately Plugin <= 3.2.7 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by ch4r0n Patchstack Alliance in WordPress Plugin Templately versions <= 3.2.7...
WordPress Popup for CF7 with Sweet Alert plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Bao BlueRock in WordPress Plugin Popup for CF7 with Sweet Alert versions <= 1.6.5...
WordPress rajce plugin <= 0.4.2 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin rajce versions <= 0.4.2...
WordPress Custom Comment plugin <= 2.1.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Custom Comment versions <= 2.1.6...
WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JobZilla - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 2.0; Fixed in: 2.0.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-49382; Patch priority: Low; CVSS severity: Low 8.8; PSID: 33cb80ce3eab; Credi...
WordPress Kitring Theme <= 2.8 is vulnerable to Local File Inclusion
Software: Kitring; Type: Theme; Vulnerable versions: <= 2.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49426; Patch priority: High; CVSS severity: High 8.1; PSID: 373cf39af191; Credits: Bonds; Required privilege: Unauthenticated; Published: 20...
WordPress Houzez Theme <= 4.1.1 is vulnerable to Broken Access Control
Software: Houzez; Type: Theme; Vulnerable versions: <= 4.1.1; Fixed in: 4.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-49406; Patch priority: Low; CVSS severity: Low 5.3; PSID: 920f9b9106ce; Credits: Rafie Muhammad Patchstack; Required...
WordPress Inspiro Theme <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Inspiro; Type: Theme; Vulnerable versions: <= 2.1.2; Fixed in: 2.1.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-8592; Patch priority: Low; CVSS severity: Low 8.1; PSID: 4528bac00297; Credits: Dmitrii Ignatyev; Required...
WordPress Sala Theme <= 1.1.6 is vulnerable to Local File Inclusion
Software: Sala; Type: Theme; Vulnerable versions: <= 1.1.6; Fixed in: 1.1.7; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-54709; Patch priority: High; CVSS severity: High 8.1; PSID: 734caf3a58cf; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Easy Digital Downloads plugin <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions vulnerability
Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions vulnerability discovered by wesley wcraft in WordPress Plugin Easy Digital Downloads versions <= 3.5.0...
WordPress ColorMag plugin <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation vulnerability
Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme ColorMag versions <= 4.0.19...
WordPress WPC Smart Quick View for WooCommerce plugin <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode vulnerability discovered by zaim in WordPress Plugin WPC Smart Quick View for WooCommerce versions <= 4.2.1...
WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions <= 3.2.4...
WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability
Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions <= 3.2.4...
WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions <= 3.2.4...
WordPress Contact Manager plugin <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title' vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'title' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Contact Manager versions <= 8.6.5...
WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Admin Menu Groups versions <= 0.1.2...
WordPress Backup Bolt plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Backup Bolt versions <= 1.5.0...
WordPress Link View plugin <= 0.8.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Link View versions <= 0.8.0...
WordPress HAPPY plugin <= 1.0.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin HAPPY versions <= 1.0.6...
WordPress Captcha.eu plugin <= 1.0.61 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by ch4r0n in WordPress Plugin Captcha.eu versions <= 1.0.61...
WordPress Comments Capcha Box Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Skalucy in WordPress Plugin Comments Capcha Box versions <= 1.1...
WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.11.1...
WordPress Raptive Ads Plugin <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Martin Herancourt Patchstack Alliance in WordPress Plugin Raptive Ads versions <= 3.8.0...
WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin CubeWP versions <= 1.1.24...
WordPress Simple Business Directory Pro Plugin < 15.6.9 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Simple Business Directory Pro versions < 15.6.9...
WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Plugin ThemeMakers Visual Content Composer versions <= 1.5.8...
WordPress SensorPress plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin SensorPress versions <= 1.0...
WordPress TC Testimonials plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin TC Testimonials versions <= 1.1.1...
WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 63n0 Patchstack Bug Bounty Program in WordPress Plugin iFrame Block versions <= 0.1.1...
WordPress CouponXxL theme <= 3.0.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Bonds in WordPress Theme CouponXxL versions <= 3.0.0...
WordPress Basil theme <= 1.3.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Basil versions <= 1.3.12...
WordPress Fabric theme <= 1.5.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Fabric versions <= 1.5.0...
WordPress Dwell theme <= 1.7.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Dwell versions <= 1.7.0...
WordPress Agricola theme <= 1.1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Agricola versions <= 1.1.0...
WordPress IPharm theme <= 1.2.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme IPharm versions <= 1.2.3...
WordPress Tripster theme <= 1.0.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tripster versions <= 1.0.10...
WordPress Soleil theme <= 1.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Soleil versions <= 1.17...
WordPress Panda theme <= 1.21 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Panda versions <= 1.21...
WordPress Rare Radio theme <= 1.0.15.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Rare Radio versions <= 1.0.15.1...