46096 matches found
WordPress Post Grid Master plugin <= 3.4.13 - Reflected Cross-Site Scripting via argsArray['read_more_text'] vulnerability
Reflected Cross-Site Scripting via argsArray['read_more_text'] vulnerability discovered by Alefe Souza in WordPress Plugin Post Grid Master versions <= 3.4.13...
WordPress Mine CloudVod plugin <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via audio Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via audio Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Mine CloudVod versions <= 2.1.10...
WordPress Structured Content plugin <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Structured Content versions <= 1.6.4...
WordPress Ai Engine plugin <= 2.9.4 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions vulnerability
Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions <= 2.9.4...
WordPress Security Ninja plugin 5.201-5.242 - Authenticated (Administrator+) Arbitrary File Read vulnerability
Authenticated (Administrator+) Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Security Ninja – Secure Firewall & Secure Malware Scanner versions 5.201-5.242...
WordPress Ebook Store plugin <= 5.8012 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by mikemyers in WordPress Plugin Ebook Store versions <= 5.8012...
WordPress WPBookit plugin <= 1.0.6 - Unauthenticated Arbitrary File Upload via image_upload_handle Function vulnerability
Unauthenticated Arbitrary File Upload via image_upload_handle Function vulnerability discovered by theviper17y in WordPress Plugin WPBookit versions <= 1.0.6...
WordPress WPBakery Page Builder plugin <= 8.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Page Builder Elements vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Page Builder Elements vulnerability discovered by zer0gh0st in WordPress Plugin WPBakery Page Builder versions <= 8.4.1...
WordPress CropRefine Plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CropRefine versions <= 1.2.1...
WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App Plugin <= 0.8.8.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App versions <= 0.8.8.8...
WordPress VidMov <= 1.9.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme VidMov versions <= 1.9.4...
WordPress WordPress Qwizcards plugin < 3.95 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Tommaso Gregori p1s1o in WordPress Plugin Qwizcards versions < 3.95...
WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability
WordPress Universal Video Player - Addon for WPBakery Page Builder <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Universal Video Player - Addon for WPBakery Page Builder versions <= 3.2.1...
WordPress Support Board <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Support Board versions <= 3.8.0...
WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Jobmonster versions <= 4.7.8...
WordPress Responsive HTML5 Audio Player PRO With Playlist <= 3.5.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Responsive HTML5 Audio Player PRO With Playlist versions <= 3.5.8...
WordPress Youtube Vimeo Video Player and Slider WP Plugin <= 3.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Youtube Vimeo Video Player and Slider WP Plugin versions <= 3.8...
WordPress Video Blogster Lite plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Video Blogster Lite versions <= 1.2...
WordPress CaptionPix <= 1.8 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CaptionPix versions <= 1.8...
WordPress Simple Business Directory Pro <= 15.5.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Simple Business Directory Pro versions <= 15.5.1...
WordPress Wholesale Suite plugin <= 2.2.4.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Wholesale Suite versions <= 2.2.4.2...
Drupal COOKiES Consent Management module < 1.2.16 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff prudloff in WordPress Module COOKiES Consent Management versions < 1.2.16...
WordPress VidMov Theme <= 1.9.4 is vulnerable to Local File Inclusion
Software: VidMov; Type: Theme; Vulnerable versions: <= 1.9.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-25172; Patch priority: High; CVSS severity: High 8.1; PSID: 14a25e16a9b7; Credits: Bonds; Required privilege: Unauthenticated; Published: 2...
WordPress Jobmonster Theme <= 4.7.8 is vulnerable to Cross Site Scripting (XSS)
Software: Jobmonster; Type: Theme; Vulnerable versions: <= 4.7.8; Fixed in: 4.7.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-53201; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 24486db3ae4e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress Featured Image Plus – Quick & Bulk Edit with Unsplash plugin <= 1.6.6 - Authenticated (Admin+) Server-Side Request Forgery vulnerability
Authenticated (Admin+) Server-Side Request Forgery vulnerability discovered by ch4r0n in WordPress Plugin Featured Image Plus versions <= 1.6.6...
WordPress Social Streams plugin <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Social Streams versions <= 1.0.1...
WordPress Realty Portal – Agent plugin <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profile() Function vulnerability
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profile() Function vulnerability discovered by theviper17y in WordPress Plugin Realty Portal – Agent versions <= 0.3.9...
WordPress YANewsflash plugin <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin YANewsflash versions <= 1.0.3...
WordPress Omnishop plugin <= 1.0.9 - Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST Endpoint vulnerability
Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST Endpoint vulnerability discovered by ch4r0n in WordPress Plugin Omnishop versions <= 1.0.9...
WordPress Valuation Calculator plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Valuation Calculator versions <= 1.3.2...
WordPress Fleetwire Fleet Management Plugin plugin <= 1.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via fleetwire_list Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via fleetwire_list Shortcode vulnerability discovered by Gilang in WordPress Plugin Fleetwire Fleet Management versions <= 1.0.19...
WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate versions <= 7.4.2...
WordPress Elite Video Player <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Anhchangmutrang in WordPress Plugin Elite Video Player versions <= 10.0.5...
WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ReachShip WooCommerce Multi-Carrier & Conditional Shipping versions <= 4.3.1...
WordPress CSS & JavaScript Toolbox plugin < 12.0.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Martin Herancourt in WordPress Plugin CSS & JavaScript Toolbox versions < 12.0.3...
WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Settings Change vulnerability
WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Settings Change vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin LoginWP - Pro versions <= 4.0.8.5...
WordPress WP Links Page plugin <= 4.9.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by timomangcut in WordPress Plugin WP Links Page versions <= 4.9.6...
WordPress Tablesome Table Premium <= 1.1.23 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Jamie Davies in WordPress Plugin Tablesome Table Premium versions <= 1.1.23...
WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Pipes versions <= 1.4.3...
WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Support Board versions <= 3.8.0...
WordPress Caliris <= 1.5 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Caliris versions <= 1.5...
WordPress AI Tools <= 4.0.7 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by theviper17 in WordPress Plugin AI Tools versions <= 4.0.7...
WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.27.8 - Path Traversal Vulnerability
Path Traversal Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Post and Page Builder by BoldGrid versions <= 1.27.8...
WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Simple Contact Forms versions <= 1.6.4...
WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability
WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Saxon - Viral Content Blog & Magazine Marketing WordPress Theme versions <= 1.9.3...
WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability
WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme InHype - Blog & Magazine WordPress Theme versions <= 1.5.2...
WordPress LearnPress Export Import plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k in WordPress Plugin LearnPress Export Import versions <= 4.0.9...
WordPress Caliris Theme <= 1.5 is vulnerable to Local File Inclusion
Software: Caliris; Type: Theme; Vulnerable versions: <= 1.5; Fixed in: 1.6; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48160; Patch priority: High; CVSS severity: High 8.1; PSID: 97a9204ac041; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Latest Post Accordian Slider plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Latest Post Accordian Slider versions <= 1.3...
WordPress bSecure plugin 1.3.7-1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint
Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint vulnerability discovered by kr0d in WordPress Plugin bSecure Your Universal Checkout versions 1.3.7-1.7.9...