WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin GMap Targeting versions = 1.1.6...

WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability

Remote Code Execution RCE Vulnerability discovered by theviper17 in WordPress Plugin Product XML Feed Manager for WooCommerce versions = 2.9.3...

WordPress Amazon Native Shopping Recommendations Plugin <= 1.3 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Amazon Native Shopping Recommendations versions = 1.3...

WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by theviper17 in WordPress Plugin StoreKeeper for WooCommerce versions = 14.4.4...

WordPress BuddyPress XProfile Custom Image Field Plugin <= 3.0.1 - Arbitrary File Deletion Vulnerability

Arbitrary File Deletion Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin BuddyPress XProfile Custom Image Field versions = 3.0.1...

WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Cube Portfolio versions = 1.16.8...

WordPress DELUCKS SEO Plugin <= 2.6.0 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin DELUCKS SEO versions = 2.6.0...

WordPress SureDash Plugin <= 1.1.0 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Denver Jackson in WordPress Plugin SureDash versions = 1.1.0...

WordPress Exertio Theme <= 1.3.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Frank in WordPress Theme Exertio versions = 1.3.2...

WordPress MapSVG Plugin < 8.6.12 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by Anhchangmutrang Patchstack Alliance in WordPress Plugin MapSVG versions 8.6.12...

WordPress Support Board plugin < 3.8.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Support Board versions 3.8.7...

WordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by muhammad yudha in WordPress Plugin WP Store Locator versions = 2.2.260...

WordPress Exertio Theme <= 1.3.2 is vulnerable to PHP Object Injection

Software Exertio Type Theme Vulnerable versions = 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-54686 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d25a71f8c070 Credits Aiden Required privilege Unauthenticated Publishe...

WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting vulnerability

Authenticated GiveWP worker+ Stored Cross-Site Scripting vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin GiveWP versions = 4.5.0...

WordPress Customer Reviews for WooCommerce plugin <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via author Parameter vulnerability discovered by zer0gh0st in WordPress Plugin Customer Reviews for WooCommerce versions = 5.80.2...

WordPress AI Engine plugin 2.9.3-2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions 2.9.3-2.9.4...

WordPress Magical Posts Display Plugin plugin <= 1.2.52 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin Magical Posts Display versions = 1.2.52...

WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin WpEvently versions = 4.4.6...

WordPress Easy Elementor Addons plugin <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Abu Hurayra in WordPress Plugin Easy Elementor Addons versions = 2.2.6...

WordPress Integrate Google Drive plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Integrate Google Drive versions = 1.5.2...

WordPress Ebook Store Plugin plugin <= 5.8013 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Ebook Store versions = 5.8013...

WordPress Masteriyo - LMS Plugin plugin <= 1.18.3 - Cross Site Scripting (XSS) Vulnerability

WordPress Masteriyo - LMS Plugin plugin = 1.18.3 - Cross Site Scripting XSS Vulnerability discovered by Denver Jackson in WordPress Plugin Masteriyo - LMS versions = 1.18.3...

WordPress Classified Listing Plugin plugin <= 5.0.0 - Content Injection Vulnerability

Content Injection Vulnerability discovered by Denver Jackson in WordPress Plugin Classified Listing versions = 5.0.0...

WordPress WPFunnels plugin <= 3.5.26 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Denver Jackson in WordPress Plugin WPFunnels versions = 3.5.26...

WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin HT Mega versions = 2.9.0...

WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Button Block versions = 1.2.0...

WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability

Insecure Direct Object References IDOR Vulnerability discovered by Bao BlueRock in WordPress Plugin Motors versions = 1.4.80...

WordPress JetEngine Plugin plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions = 3.7.1.2...

WordPress JetTabs Plugin plugin <= 2.2.9.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by stealthcopter in WordPress Plugin JetTabs versions = 2.2.9.1...

WordPress Integration for Contact Form 7 and Constant Contact Plugin plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Integration for Contact Form 7 and Constant Contact versions = 1.1.7...

WordPress WP Modal Popup with Cookie Integration Plugin plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin WP Modal Popup with Cookie Integration versions = 2.4...

WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Connector for Gravity Forms and Google Sheets versions = 1.2.4...

WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Open Redirection Vulnerability

Open Redirection Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Connector for Gravity Forms and Google Sheets versions = 1.2.4...

WordPress Blogger Buzz Theme theme <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Theme Blogger Buzz versions = 1.2.6...

WordPress Online Booking & Scheduling Calendar for by vcita Plugin plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Online Booking & Scheduling Calendar for WordPress by vcita versions = 4.5.3...

WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin YITH WooCommerce Popup versions = 1.48.0...

WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Product Configurator for WooCommerce versions = 1.4.4...

WordPress Chartify plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Chartify versions = 3.5.3...

WordPress Photo Engine Plugin plugin <= 6.4.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Photo Engine versions = 6.4.3...

WordPress oik plugin <= 4.15.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin oik versions = 4.15.2...

WordPress myCred plugin <= 2.9.4.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin myCred versions = 2.9.4.3...

WordPress myCred plugin <= 2.9.4.3 - Race Condition Vulnerability

Race Condition Vulnerability discovered by Esteban Montes Morales in WordPress Plugin myCred versions = 2.9.4.3...

WordPress SmilePure Theme < 1.8.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SmilePure versions 1.8.5...

WordPress Cook&Meal <= 1.2.3 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cook&Meal versions = 1.2.3...

WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin TheBooking versions = 1.4.4...

WordPress BeeTeam368 Extensions Plugin <= 1.9.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Plugin BeeTeam368 Extensions versions = 1.9.4...

WordPress Realtyna Organic IDX plugin <= 5.0.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Realtyna Organic IDX plugin versions = 5.0.0...

WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin Content Egg versions = 7.0.0...

Drupal GoogleTag Manager module < 1.10.0 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module GoogleTag Manager versions 1.10.0...

Drupal Config Pages module < 2.18.0 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Pierre Rudloff prudloff in WordPress Module Config Pages versions 2.18.0...