46101 matches found
WordPress WoodMart Theme <= 8.2.3 is vulnerable to Local File Inclusion
Software: WoodMart; Type: Theme; Vulnerable versions: <= 8.2.3; Fixed in: 8.2.4; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2025-6746; Patch priority: Low; CVSS severity: Low 7.5; Developer: Xtemos; PSID: fa6d0144ad7f; Credits: stealthcopter; Required privilege: Contributor; Published: 7 Jul...
WordPress WoodMart Theme <= 8.2.3 is vulnerable to Cross Site Scripting (XSS)
Software: WoodMart; Type: Theme; Vulnerable versions: <= 8.2.3; Fixed in: 8.2.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-6743; Patch priority: Low; CVSS severity: Low 6.5; Developer: Xtemos; PSID: 119b4b01c8c2; Credits: stealthcopter; Required privilege...
WordPress UNIVERSAM plugin <= 9.00 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by mcdruid in WordPress Plugin UNIVERSAM versions <= 9.00...
WordPress WP Pipes plugin <= 1.4.3 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Pipes versions <= 1.4.3...
WordPress Subscribe to Download plugin <= 2.0.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Subscribe to Download versions <= 2.0.9...
WordPress Groundhogg plugin <= 4.2.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by 63n0 in WordPress Plugin Groundhogg versions <= 4.2.1...
WordPress Card flip image slideshow plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Card flip image slideshow versions <= 1.5...
WordPress Pixelating image slideshow gallery plugin <= 8.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Peter Thaleikis in WordPress Plugin Pixelating image slideshow gallery versions <= 8.0...
WordPress iFrame Images Gallery plugin <= 9.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Peter Thaleikis in WordPress Plugin iFrame Images Gallery versions <= 9.0...
WordPress Cool fade popup plugin <= 10.1 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Peter Thaleikis in WordPress Plugin Cool fade popup versions <= 10.1...
WordPress Posts Slider Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Posts Slider Shortcode versions <= 1.0...
WordPress fluXtore plugin <= 1.6.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin fluXtore versions <= 1.6.0...
WordPress CF7 7 Mailchimp Add-on plugin < 2.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin CF7 7 Mailchimp Add-on versions < 2.4...
WordPress LMSACE Connect plugin <= 3.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin LMSACE Connect versions <= 3.4...
WordPress WooCommerce Shop Page Builder plugin <= 2.27.7 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WooCommerce Shop Page Builder versions <= 2.27.7...
WordPress Easy Elements Hider plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Ryan Novotny in WordPress Plugin Easy Elements Hider versions <= 2.0...
WordPress Gallery Widget plugin <= 1.2.1 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin Gallery Widget versions <= 1.2.1...
WordPress Contact Us page - Contact people LITE plugin <= 3.7.4 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by ch4r0n in WordPress Plugin Contact Us page - Contact people LITE versions <= 3.7.4...
WordPress URL Shortener plugin <= 3.0.7 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) Vulnerability discovered by ch4r0n in WordPress Plugin URL Shortener versions <= 3.0.7...
WordPress OwnerRez API plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin OwnerRez API versions <= 1.2.1...
WordPress Bulk Featured Image plugin <= 1.2.4 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by greenhats in WordPress Plugin Bulk Featured Image versions <= 1.2.4...
WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability
Content Injection vulnerability discovered by PARKGyunDeuk in WordPress Plugin Frontend File Manager versions <= 23.6...
WordPress Video Gallery Block plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin Video Gallery Block versions <= 1.1.0...
WordPress WP fancybox plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin WP fancybox versions <= 1.0.3...
WordPress (Simply) Guest Author Name plugin <= 4.36 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by luckybuddy in WordPress Plugin (Simply) Guest Author Name versions <= 4.36...
WordPress MyRewards plugin <= 5.4.14 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin MyRewards versions <= 5.4.14...
WordPress All In One Slider Responsive plugin <= 3.7.9 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin All In One Slider Responsive versions <= 3.7.9...
WordPress Chatra Live Chat + ChatBot + Cart Saver plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by haudayroi - BlueRock in WordPress Plugin Chatra Live Chat + ChatBot + Cart Saver versions <= 1.0.11...
WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Contact Form 7 reCAPTCHA versions <= 1.2.0...
WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability
Privilege Escalation Vulnerability discovered by Bonds in WordPress Plugin Service Finder Booking versions <= 6.1...
WordPress Frontend File Manager Plugin <= 23.2 is vulnerable to Content Injection
Software: Frontend File Manager; Type: Plugin; Vulnerable versions: <= 23.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Content Injection; CVE: CVE-2025-27358; Patch priority: Low; CVSS severity: Low 4.6; Developer: Claim ownership; PSID: 0793a304d7eb; Credits: PARKGyunDeuk; Required privileg...
WordPress Premium Addons for Elementor plugin <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Premium Addons for Elementor versions <= 4.10.69...
WordPress Uncode Core plugin <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Uncode Core versions <= 2.9.4.2...
WordPress Shortcodes Ultimate plugin <= 7.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin Shortcodes Ultimate versions <= 7.4.0...
WordPress Download Plugin plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Download versions <= 2.2.8...
WordPress DocCheck Login plugin <= 1.1.5 - Unauthorized Post Access vulnerability
Unauthorized Post Access vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin DocCheck Login versions <= 1.1.5...
WordPress yContributors plugin <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin yContributors versions <= 0.5...
WordPress RD Contacto plugin <= 1.4 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin RD Contacto versions <= 1.4...
WordPress PayMaster for WooCommerce plugin <= 0.4.31 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by Poli in WordPress Plugin PayMaster for WooCommerce versions <= 0.4.31...
WordPress Smart Docs plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Smart Docs versions <= 1.1.0...
WordPress Booking X plugin 1.0-1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability
Missing Authorization to Unauthenticated Sensitive Information Disclosure vulnerability discovered by kr0d in WordPress Plugin Booking X versions 1.0-1.1.2...
WordPress WPQuiz plugin <= 0.4.2 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated (Contributor+) SQL Injection vulnerability discovered by Poli in WordPress Plugin WPQuiz versions <= 0.4.2...
WordPress ProcessingJS for WordPress plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin ProcessingJS for WordPress versions <= 1.2.2...
WordPress WP Human Resource Management plugin 2.0.0-2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion vulnerability
Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion vulnerability discovered by kr0d in WordPress Plugin WP Human Resource Management versions 2.0.0-2.2.17...
WordPress AI Engine plugin <= 2.8.4 - Insecure OAuth Implementation vulnerability
Insecure OAuth Implementation vulnerability discovered by István Márton - Wordfence in WordPress Plugin AI Engine versions <= 2.8.4...
WordPress VikRentCar Car Rental Management System plugin <= 1.4.3 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin VikRentCar versions <= 1.4.3...
WordPress Migration, Backup, Staging – WPvivid Backup & Migration plugin <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin WPvivid Backup and Migration versions <= 0.9.116...
WordPress JKDEVKIT plugin <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by Foxyyy in WordPress Plugin JKDEVKIT versions <= 1.9.4...
WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Ryan Kozak Patchstack Bug Bounty Program in WordPress Plugin AiBud WP versions <= 1.9...
WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Trust Payments Gateway for WooCommerce (JavaScript Library) versions <= 1.3.6...