WordPress Premium Addons for KingComposer Plugin <= 1.1.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Premium Addons for KingComposer versions = 1.1.1...

WordPress CleverReach WP plugin <= 1.5.20 - Unauthenticated SQL Injection via title Parameter vulnerability

Unauthenticated SQL Injection via title Parameter vulnerability discovered by mikemyers in WordPress Plugin CleverReach® WP versions = 1.5.20...

WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by ChuongVN Patchstack Alliance in WordPress Plugin CleverReach® WP versions = 1.5.20...

WordPress The7 Theme <= 12.6.0 is vulnerable to Cross Site Scripting (XSS)

Software The7 Type Theme Vulnerable versions = 12.6.0 Fixed in 12.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-7726 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 79f4fdafca8f Credits Webbernaut Required privilege...

WordPress Themebox - Digital Products Ecommerce theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability

WordPress Themebox - Digital Products Ecommerce theme = 1.4.2 - Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Themebox - Digital Products Ecommerce versions = 1.4.2...

WordPress WebinarIgnition plugin <= 4.06.04 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin WebinarIgnition versions = 4.06.04...

WordPress Restaurante theme <= 3.0.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Restaurante versions = 3.0.7...

WordPress WP Gravity Forms FreshDesk plugin plugin <= 1.3.5 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms FreshDesk Plugin versions = 1.3.5...

WordPress WP Gravity Forms Insightly plugin <= 1.1.6 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Insightly versions = 1.1.6...

WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder plugin <= 1.2.0 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder formerly Visual Composer versions = 1.2.0...

WordPress Eventin plugin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover vulnerability

Authenticated Contributor+ Privilege Escalation via User Email Change/Account Takeover vulnerability discovered by István Márton in WordPress Plugin Eventin versions = 4.0.34...

WordPress WP Gravity Forms Keap/Infusionsoft Plugin <= 1.2.3 - Deserialization of untrusted data Vulnerability

Deserialization of untrusted data Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Keap/Infusionsoft versions = 1.2.3...

WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.9 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Zoho CRM and Bigin versions = 1.2.9...

WordPress WP Gravity Forms Constant Contact plugin plugin <= 1.1.2 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Constant Contact Plugin versions = 1.1.2...

WordPress WP Gravity Forms HubSpot plugin <= 1.2.6 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms HubSpot versions = 1.2.6...

WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability

WordPress GravityWP - Merge Tags = 1.4.4 - Local File Inclusion Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin GravityWP - Merge Tags versions = 1.4.4...

WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Peter Thaleikis in WordPress Plugin FundEngine versions = 1.7.4...

WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin IDonatePro versions = 2.1.9...

WordPress MapSVG Plugin < 8.7.4 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin MapSVG versions 8.7.4...

WordPress Connector for Gravity Forms and Google Sheets plugin <= 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Connector for Gravity Forms and Google Sheets versions = 1.2.6...

WordPress WP Gravity Forms Salesforce plugin <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Salesforce versions = 1.5.1...

WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by mcdruid in WordPress Plugin YITH WooCommerce Compare versions = 3.6.0...

WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by h0j3n in WordPress Plugin ZoloBlocks versions = 2.3.2...

WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Easy Form Builder versions = 3.8.15...

WordPress Form Block Plugin <= 1.5.5 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Form Block versions = 1.5.5...

WordPress SMM API plugin <= 6.0.31 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin SMM API versions = 6.0.31...

WordPress Rentsyst Plugin <= 2.0.100 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin Rentsyst versions = 2.0.100...

WordPress 多说社会化评论框 Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin 多说社会化评论框 versions = 1.2...

WordPress Visit Counter Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Visit Counter versions = 1.0...

WordPress Multimedia Playlist Slider Addon for WPBakery Page Builder Plugin <= 2.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Multimedia Playlist Slider Addon for WPBakery Page Builder versions = 2.1...

WordPress WP-jScrollPane plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin WP-jScrollPane versions = 2.0.3...

WordPress BaiduXZH Submit(百度熊掌号) plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin BaiduXZH Submit百度熊掌号 versions = 1.4.6...

WordPress User Language Switch plugin <= 1.6.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin User Language Switch versions = 1.6.10...

WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin CF7 WOW Styler versions = 1.7.2...

WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by Peter Thaleikis in WordPress Plugin Inpersttion For Theme versions = 1.0...

WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability

Remote Code Execution RCE Vulnerability discovered by theviper17 in WordPress Plugin Code Engine versions = 0.3.3...

WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Global Gallery versions = 9.2.3...

WordPress Exclusive Addons for Elementor plugin <= 2.7.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown vulnerability discovered by Webbernaut in WordPress Plugin Exclusive Addons Elementor versions = 2.7.9.4...

WordPress oik-privacy-policy plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin oik-privacy-policy versions = 1.4.10...

WordPress Pets Plugin <= 1.4.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Pets versions = 1.4.1...

WordPress Post Connector Plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Post Connector versions = 1.0.11...

WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability

Settings Change Vulnerability discovered by Denver Jackson in WordPress Plugin Coupon Affiliates versions = 6.4.0...

WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability

Path Traversal Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Prevent files / folders access versions = 2.6.0...

WordPress WP Lead Capturing Pages plugin < 2.6 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WP Lead Capturing Pages versions 2.6...

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Post Grid and Gutenberg Blocks versions = 2.3.11...

WordPress Xinterio Theme <= 4.2 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Xinterio versions = 4.2...

WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Urna versions = 2.5.7...

WordPress Cost Calculator Plugin <= 7.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Cost Calculator versions = 7.4...

WordPress Porn Videos Embed plugin <= 0.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Porn Videos Embed versions = 0.9.1...

Drupal AI SEO Link Advisor module < 1.0.6 - Authenticated Other Vulnerability Type vulnerability

Authenticated Other Vulnerability Type vulnerability discovered by Alberto Cocchiara bigbabert in WordPress Module AI SEO Link Advisor versions 1.0.6...