46096 matches found
WordPress Ultra Portfolio - WordPress Plugin <= 6.7 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ultra Portfolio versions <= 6.7...
WordPress Support Ticket Plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Support Ticket versions <= 1.9...
WordPress AnyComment plugin <= 0.3.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin AnyComment versions <= 0.3.6...
WordPress Evergreen Content Poster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Mika in WordPress Plugin Evergreen Content Poster versions <= 1.4.5...
WordPress ShareBang, Ultimate Social Share Buttons for WordPress Plugin <= 1.4 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin ShareBang, Ultimate Social Share Buttons for WordPress versions <= 1.4...
WordPress RSFirewall! plugin <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read vulnerability
Authenticated (Admin+) Arbitrary File Read vulnerability discovered by WordFence in WordPress Plugin RSFirewall! versions <= 1.1.42...
WordPress Friends plugin <= 3.5.1 - Authenticated (Admin+) PHP Object Injection vulnerability
Authenticated (Admin+) PHP Object Injection vulnerability discovered by Pham Nguyen Khoa in WordPress Plugin Friends versions <= 3.5.1...
WordPress BeeTeam368 Extensions plugin <= 2.3.5 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Marco Wotschka in WordPress Plugin BeeTeam368 Extensions versions <= 2.3.5...
WordPress Nokri - Job Board WordPress Theme plugin <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability
Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability discovered by Tonn in WordPress Theme Nokri versions <= 1.6.3...
WordPress WPBookit plugin <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by theviper17y in WordPress Plugin WPBookit versions <= 1.0.4...
WordPress WPBookit plugin <= 1.0.4 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by stealthcopter in WordPress Plugin WPBookit versions <= 1.0.4...
WordPress GeoDirectory plugin < 2.8.120 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by imduyb in WordPress Plugin GeoDirectory versions < 2.8.120...
WordPress Order Delivery Date Pro for WooCommerce plugin < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure vulnerability
Unauthenticated Arbitrary Post Title Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin Order Delivery Date for WP e-Commerce versions < 12.6.0...
WordPress Houzez theme <= 4.2.5 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Houzez versions <= 4.2.5...
WordPress gAppointments Plugin <= 1.14.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin gAppointments versions <= 1.14.1...
WordPress Support Ticket System for WooCommerce plugin <= 2.0.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Support Ticket System for WooCommerce Premium versions <= 2.0.7...
WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by domiee13 in WordPress Plugin Product XML Feed Manager for WooCommerce versions <= 2.9.2...
WordPress WordPress-WPJobBoard <= 25.07010000-WP6.8.1-JB5.11.5 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by timomangcut in WordPress Plugin WordPress-WPJobBoard versions <= 25.07010000-WP6.8.1-JB5.11.5...
WordPress URL Shortener <= 3.0.7 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin URL Shortener versions <= 3.0.7...
WordPress HTML5 Radio Player - WPBakery Page Builder Addon plugin <= 2.5 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin HTML5 Radio Player - WPBakery Page Builder Addon versions <= 2.5...
WordPress Contest Gallery <= 26.0.6 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by domiee13 in WordPress Plugin Contest Gallery versions <= 26.0.6...
WordPress The E-Commerce ERP <= 2.1.1.3 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by ch4r0n in WordPress Plugin The E-Commerce ERP versions <= 2.1.1.3...
WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability
Arbitrary File Upload Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Medical Prescription Attachment Plugin for WooCommerce versions <= 1.2.3...
WordPress WP-BusinessDirectory <= 3.1.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin WP-BusinessDirectory versions <= 3.1.4...
WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by ch4r0n in WordPress Plugin URL Shortener versions <= 3.0.7...
WordPress Simple Link Directory plugin < 14.8.1 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Simple Link Directory versions < 14.8.1...
WordPress Nokri Theme <= 1.6.3 is vulnerable to Privilege Escalation
Software: Nokri; Type: Theme; Vulnerable versions: <= 1.6.3; Fixed in: 1.6.4; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2025-1313; Patch priority: High; CVSS severity: High 8.8; PSID: 8781d35f0a1e; Credits: Tonn; Required...
WordPress Broken Link Notifier plugin <= 1.3.0 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Broken Link Notifier versions <= 1.3.0...
WordPress Broken Link Notifier plugin <= 1.3.0 - Authenticated (Contributor+) CSV Injection vulnerability
Authenticated (Contributor+) CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Broken Link Notifier versions <= 1.3.0...
WordPress WoodMart plugin <= 8.2.5 - Unauthenticated Post Disclosure vulnerability
Unauthenticated Post Disclosure vulnerability discovered by stealthcopter in WordPress Theme WoodMart versions <= 8.2.5...
WordPress WPC Smart Compare for WooCommerce plugin <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin WPC Smart Compare for WooCommerce versions <= 6.4.6...
WordPress WP Register Profile With Shortcode plugin <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Authenticated (Contributor+) Sensitive Information Exposure vulnerability discovered by Kishan Vyas in WordPress Plugin WP Register Profile With Shortcode versions <= 3.6.2...
WordPress FooGallery plugin <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin FooGallery versions <= 2.4.31...
WordPress Contest Gallery plugin <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin Contest Gallery versions <= 26.0.8...
WordPress GB Forms DB plugin <= 1.0.2 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by CVEhunter in WordPress Plugin GB Forms DB versions <= 1.0.2...
WordPress Hostel plugin < 1.1.5.9 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Hostel versions < 1.1.5.9...
WordPress Hostel plugin < 1.1.5.8 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Tommaso Gregori p1s1o in WordPress Plugin Hostel versions < 1.1.5.8...
WordPress ProfileGrid plugin <= 5.9.5.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin ProfileGrid versions <= 5.9.5.2...
WordPress Traveler theme < 3.2.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Ann Patchstack Alliance in WordPress Theme Traveler versions < 3.2.2...
WordPress Pro Bulk Watermark Plugin for WordPress <= 2.0 - Path Traversal Vulnerability
Path Traversal Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pro Bulk Watermark Plugin for WordPress versions <= 2.0...
WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by ch4r0n in WordPress Plugin Wishlist for WooCommerce versions <= 3.2.3...
WordPress Official Integration for Billingo plugin <= 4.2.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin Official Integration for Billingo versions <= 4.2.9...
WordPress Medizin Theme < 1.9.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Medizin versions < 1.9.7...
WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) Vulnerability discovered by Anhchangmutrang in WordPress Plugin Ultimate Video Player versions <= 10.1...
WordPress Traveler Theme < 3.2.2 is vulnerable to SQL Injection
Software: Traveler; Type: Theme; Vulnerable versions: < 3.2.2; Fixed in: 3.2.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2025-52714; Patch priority: High; CVSS severity: High 9.3; PSID: d97b1d91ed8e; Credits: Thái An; Required privilege: Unauthenticated; Published 10...
WordPress Pro Bulk Watermark Plugin for WordPress Theme <= 2.0 is vulnerable to Path Traversal
Software: Pro Bulk Watermark Plugin for WordPress; Type: Theme; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Path Traversal; CVE: CVE-2025-28973; Patch priority: High; CVSS severity: High 6.5; PSID: c40f943bba08; Credits: Tran Nguyen Bao Khanh VCI -...
WordPress WoodMart Theme <= 8.2.5 is vulnerable to Broken Access Control
Software: WoodMart; Type: Theme; Vulnerable versions: <= 8.2.5; Fixed in: 8.2.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2025-6745; Patch priority: Low; CVSS severity: Low 5.3; Developer: Xtemos; PSID: db887fae132e; Credits: stealthcopter; Required...
WordPress Lana Downloads Manager plugin <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin Lana Downloads Manager versions <= 1.10.0...
WordPress WP Lightbox 2 plugin < 3.0.6.8 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin WP Lightbox 2 versions < 3.0.6.8...
WordPress Sharable Password Protected Posts plugin < 1.1.1 - Unauthenticated Password Protect Post Access vulnerability
Unauthenticated Password Protect Post Access vulnerability discovered by Pierre Rudloff in WordPress Plugin Sharable Password Protected Posts versions < 1.1.1...