WordPress ColorFolio - Freelance Designer WordPress Theme theme <= 1.3 - Deserialization of untrusted data vulnerability

WordPress ColorFolio - Freelance Designer WordPress Theme theme = 1.3 - Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme ColorFolio - Freelance Designer WordPress Theme versions = 1.3...

WordPress Etchy theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Etchy versions = 1.0...

WordPress FindAll theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FindAll versions = 1.4...

WordPress Felizia theme <= 1.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Felizia versions = 1.3.4...

WordPress CasaMia | Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CasaMia | Property Rental Real Estate WordPress Theme versions = 1.1.2...

WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability

WordPress Au Pair Agency - Babysitting & Nanny Theme theme = 1.2.2 - Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Au Pair Agency - Babysitting & Nanny Theme versions = 1.2.2...

WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme versions = 1.2.5...

WordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Amelia versions = 1.2.38...

WordPress DeepDigital theme <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme DeepDigital versions = 1.0.2...

WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mrreee in WordPress Plugin Secudeal Payments for Ecommerce versions = 1.1...

WordPress WP Booking System plugin <= 2.0.19.12 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by benzdeus in WordPress Plugin WP Booking System versions = 2.0.19.12...

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability discovered by WordFence in WordPress Plugin JS Help Desk versions = 2.8.2...

WordPress All-in-One Video Gallery plugin <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter vulnerability

Reflected Cross-Site Scripting via 'vi' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin All-in-One Video Gallery versions = 4.7.1...

WordPress e2pdf plugin <= 1.28.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin e2pdf versions = 1.28.15...

WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability

WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin = 1.6.0 - Authenticated Contributor+ Limited Options Update in savegutenaformsschema vulnerability discovered by Youssef Elouaer in WordPress Plugin Gutena Forms – Contact Form, Survey...

WordPress Envira Gallery for WordPress plugin <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'justifiedgallerytheme' Parameter via REST API vulnerability discovered by WordFence in WordPress Plugin Envira Photo Gallery versions = 1.12.3...

WordPress Enable Media Replace plugin <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace vulnerability

Improper Authorization to Authenticated Author+ Arbitrary Attachment Change via Background Replace vulnerability discovered by Or Benit - MadSec in WordPress Plugin Enable Media Replace versions = 4.1.7...

WordPress WP-Members Membership Plugin plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute vulnerability

Authenticated Contributor+ SQL Injection via 'orderby' Shortcode Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP-Members versions = 3.5.5.1...

WordPress Morkva UA Shipping plugin <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Weight, kg' Field vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Morkva UA Shipping versions = 1.7.9...

WordPress Taskbuilder plugin <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'Block Emails' Field vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Taskbuilder versions = 5.0.3...

WordPress WPBookit plugin <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin WPBookit versions = 1.0.8...

WordPress Email Subscribers & Newsletters plugin <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'workflowids' Parameter vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.16...

WordPress PostX plugin <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API Endpoints vulnerability

Authenticated Administrator+ Server-Side Request Forgery via REST API Endpoints vulnerability discovered by WordFence in WordPress Plugin PostX versions = 5.0.8...

WordPress BuddyApp theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme BuddyApp versions = 1.9.2...

WordPress FormGent plugin <= 1.5.5 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Aiden in WordPress Plugin FormGent versions = 1.5.5...

WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by PPzzAArr in WordPress Plugin Podlove Web Player versions = 5.9.1...

WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WordPress CTA versions = 2.1.2...

WordPress Agrofood theme < 1.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Agrofood versions 1.4.0...

WordPress Thebe theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Thebe versions = 1.3.0...

WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Solaris versions = 2.5...

WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pets Club versions = 2.3...

WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Handyman versions = 1.4.7...

WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cookiteer versions = 1.4.8...

WordPress Classter theme <= 2.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Classter versions = 2.5...

WordPress Wanderland theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wanderland versions = 1.5...

WordPress Askka theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Askka versions = 1.0...

WordPress Remons theme <= 1.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Remons versions = 1.3.4...

WordPress Hoverex theme <= 1.5.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hoverex versions = 1.5.10...

WordPress Don Peppe theme <= 1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Don Peppe versions = 1.3...

WordPress Berger theme <= 1.1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Berger versions = 1.1.1...

WordPress Prowess theme <= 1.8.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Prowess versions = 1.8.1...

WordPress Thecs theme <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Thecs versions = 1.4.7...

WordPress TheBi theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme TheBi versions = 1.0.5...

WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nutrie versions 2.0.1...

WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lendiz versions 2.0.1...

WordPress Keenarch theme < 2.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Keenarch versions 2.0.1...

WordPress Grand Wedding theme <= 3.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Grand Wedding versions = 3.1.0...

WordPress Charety theme < 2.0.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Charety versions 2.0.2...

WordPress Car Zone theme <= 3.7 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Car Zone versions = 3.7...

WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.5...