WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.9.0 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by domiee13 in WordPress Plugin Barcode Scanner with Inventory & Order Manager versions = 1.9.0...

WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Settings Change Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Membership versions = 1.6.3...

WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Bao BlueRock in WordPress Plugin CM On Demand Search And Replace versions = 1.5.2...

WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Bao BlueRock in WordPress Plugin CM On Demand Search And Replace versions = 1.5.2...

WordPress Webba Booking Plugin <= 6.0.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by greenhats in WordPress Plugin Webba Booking versions = 6.0.5...

WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Bao BlueRock in WordPress Plugin Embedder for Google Reviews versions = 1.7.3...

WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Mika in WordPress Plugin WPDM – Premium Packages versions = 6.0.2...

WordPress Savoy Theme <= 3.0.8 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Savoy versions = 3.0.8...

WordPress Nexter Blocks Plugin <= 4.5.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by MD ISMAIL in WordPress Plugin Nexter Blocks versions = 4.5.4...

WordPress Print My Blog Plugin <= 3.27.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin Print My Blog versions = 3.27.9...

WordPress Shortcode Redirect Plugin <= 1.0.02 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Rooting in WordPress Plugin Shortcode Redirect versions = 1.0.02...

WordPress Templatera Plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin Templatera versions = 2.3.0...

WordPress JetProductGallery Plugin <= 2.2.0.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetProductGallery versions = 2.2.0.2...

WordPress Quiz And Survey Master Plugin <= 10.2.4 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Quiz And Survey Master versions = 10.2.4...

WordPress Visual Composer Website Builder Plugin < 45.15.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Visual Composer Website Builder versions 45.15.0...

WordPress TaxoPress Plugin <= 3.37.2 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin TaxoPress versions = 3.37.2...

WordPress WP Table Builder Plugin <= 2.0.12 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by theviper17 in WordPress Plugin WP Table Builder versions = 2.0.12...

WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 6.3.13 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Peter Thaleikis in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.3.13...

WordPress Blocksy Theme <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by savphill in WordPress Theme Blocksy versions = 2.1.6...

WordPress JetElements For Elementor Plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetElements For Elementor versions = 2.7.9...

WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin WP Statistics versions = 14.15...

WordPress MaxCoach Theme <= 3.2.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme MaxCoach versions = 3.2.5...

WordPress Unicamp Theme <= 2.6.3 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Unicamp versions = 2.6.3...

WordPress Makeaholic Theme <= 1.8.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Makeaholic versions = 1.8.4...

WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution Vulnerability

Arbitrary Code Execution Vulnerability discovered by Ryan Novotny in WordPress Plugin Add Custom Codes versions = 4.80...

WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.9 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by tratt Patchstack Alliance in WordPress Plugin Dynamic Pricing With Discount Rules for WooCommerce versions = 4.5.9...

WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Online Booking & Scheduling Calendar for WordPress by vcita versions = 4.5.3...

WordPress oik Plugin <= 4.15.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin oik versions = 4.15.2...

WordPress WP Pipes Plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Pipes versions = 1.4.3...

WordPress Real Estate Manager Pro Plugin <= 12.7.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Real Estate Manager Pro versions = 12.7.3...

WordPress Infility Global <= 2.14.51 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Infility Global versions = 2.14.51...

WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WPGuppy versions = 1.1.4...

WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Denver Jackson in WordPress Plugin Kadence WooCommerce Email Designer versions = 1.5.16...

WordPress Simple Poll plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by TAKERU OTSUKA Patchstack Alliance in WordPress Plugin Simple Poll versions = 1.1.1...

WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability

Arbitrary Content Deletion Vulnerability discovered by theviper17 in WordPress Plugin Neon Channel Product Customizer Free versions = 2.0...

WordPress JobSearch Plugin < 3.0.8 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin JobSearch versions 3.0.8...

WordPress DigitalOcean Spaces Sync plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin DigitalOcean Spaces Sync versions = 2.2.1...

WordPress Inspectlet – User Session Recording and Heatmaps plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Inspectlet User Session Recording and Heatmaps versions = 2.0...

WordPress Findgo Theme <= 1.3.57 is vulnerable to Cross Site Request Forgery (CSRF)

Software Findgo Type Theme Vulnerable versions = 1.3.57 Fixed in 1.3.58 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2025-53587 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 053168a85fa1 Credits 0xd4rk5id3 Required privile...

WordPress Savoy Theme <= 3.0.8 is vulnerable to Sensitive Data Exposure

Software Savoy Type Theme Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2025-54736 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f4b4625ac3c8 Credits Ananda Dhakal Patchstack Required...

WordPress Blocksy Theme <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software Blocksy Type Theme Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-55713 Patch priority Low CVSS severity Low 5.9 Developer Creative Themes PSID 05f50ffb9258 Credits savphill Required privilege Shop manager...

WordPress WP Rentals Theme <= 3.13.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Rentals Type Theme Vulnerable versions = 3.13.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-53330 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID be5ed984cceb Credits Ananda Dhakal Patchstack Required privilege...

WordPress Stratus Theme <= 4.2.5 is vulnerable to Broken Access Control

Software Stratus Type Theme Vulnerable versions = 4.2.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-53341 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 90d8bfd3ac75 Credits Ananda Dhakal Patchstack Required...

WordPress Modernize Theme <= 3.4.0 is vulnerable to Cross Site Scripting (XSS)

Software Modernize Type Theme Vulnerable versions = 3.4.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-53342 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 01bb68f5e642 Credits Ananda Dhakal Patchstack Required privilege...

WordPress Kalium Theme <= 3.18.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Kalium Type Theme Vulnerable versions = 3.18.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2025-53347 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 959fedc4e441 Credits Ananda Dhakal Patchstack...

WordPress Unicamp Theme <= 2.6.3 is vulnerable to Local File Inclusion

Software Unicamp Type Theme Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-54701 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID d3f80f36b08b Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Makeaholic Theme <= 1.8.4 is vulnerable to Local File Inclusion

Software Makeaholic Type Theme Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-54700 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 3530b771c10e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...

WordPress Modernize Theme <= 3.4.0 is vulnerable to Broken Access Control

Software Modernize Type Theme Vulnerable versions = 3.4.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-53343 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b7dbe31498eb Credits Ananda Dhakal Patchstack Required...

WordPress Latepoint plugin < 5.1.94 - Unauthenticated LFI vulnerability

Unauthenticated LFI vulnerability discovered by wesley wcraft in WordPress Plugin LatePoint versions 5.1.94...

WordPress Hide Text Shortcode plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Hide Text Shortcode versions = 1.1...