WordPress Contest Gallery plugin <= 28.1.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Thomas Sanzey in WordPress Plugin Contest Gallery versions = 28.1.4...

WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability

Unauthenticated Privilege Escalation via Membership Registration vulnerability discovered by Foxyyy in WordPress Plugin User Registration versions = 5.1.2...

WordPress All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin <= 2.2.5 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login versions = 2.2.5...

WordPress wpDataTables plugin <= 6.5.0.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin wpDataTables versions = 6.5.0.1...

WordPress Master Addons for Elementor Premium plugin <= 2.1.3 - Authenticated (Subscriber+) Remote Code Execution via render_preview vulnerability

Authenticated Subscriber+ Remote Code Execution via renderpreview vulnerability discovered by Ren Voza in WordPress Plugin Master Addons for Elementor Premium versions = 2.1.3...

WordPress Page Builder by SiteOrigin plugin <= 2.33.5 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by dragonzenai - AhnLab in WordPress Plugin Page Builder by SiteOrigin versions = 2.33.5...

WordPress LatePoint plugin <= 5.2.7 - Authenticated (Administrator+) SQL Injection via JSON Import vulnerability

Authenticated Administrator+ SQL Injection via JSON Import vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions = 5.2.7...

WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload vulnerability

WordPress Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin = 7.0.0.3 - Authenticated Administrator+ Server-Side Request Forgery to Arbitrary File Upload vulnerability discovered by lucsob in WordPress Plugin Uncanny Automator versions = 7.0.0.3...

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification vulnerability

Missing Authorization to Unauthenticated API Key Modification vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.5...

WordPress Blocksy plugin <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via blocksymeta Fields vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Theme Blocksy versions = 2.1.30...

WordPress WP Food plugin < 2.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WP Food versions 2.7.1...

WordPress BigHearts theme <= 3.1.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Theme BigHearts versions = 3.1.14...

WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by luc in WordPress Plugin LMS Elementor Pro versions = 1.0.4...

WordPress Widget Options plugin <= 4.1.3 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by mcdruid in WordPress Plugin Widget Options versions = 4.1.3...

WordPress Super Stage WP plugin <= 1.0.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Super Stage WP versions = 1.0.1...

WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Ratatouille versions = 1.2.6...

WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EventON versions = 4.9.12...

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.21.1...

WordPress Listify plugin <= 3.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Listify versions = 3.2.5...

WordPress VW School Education theme <= 1.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW School Education versions = 1.4.6...

WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW Portfolio versions = 1.3.3...

WordPress VW Photography theme <= 1.3.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW Photography versions = 1.3.8...

WordPress Humanum theme <= 1.1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Humanum versions = 1.1.4...

WordPress OsTende theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme OsTende versions = 1.4.3...

WordPress VW Pet Shop theme <= 1.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW Pet Shop versions = 1.4.7...

WordPress The Qlean theme <= 2.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme The Qlean versions = 2.12...

WordPress Equadio theme <= 1.1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Equadio versions = 1.1.3...

WordPress Quanzo theme <= 1.0.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Quanzo versions = 1.0.10...

WordPress ConFix theme <= 1.013 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ConFix versions = 1.013...

WordPress Avventure theme <= 1.1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Avventure versions = 1.1.12...

WordPress VW Fitness theme <= 4.3.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW Fitness versions = 4.3.4...

WordPress Meals & Wheels theme <= 1.1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Meals & Wheels versions = 1.1.12...

WordPress Aldo theme <= 1.0.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Aldo versions = 1.0.10...

WordPress Tediss theme <= 1.2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tediss versions = 1.2.4...

WordPress Justitia theme <= 1.1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Justitia versions = 1.1.0...

WordPress Lingvico theme <= 1.0.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Lingvico versions = 1.0.14...

WordPress Maxify theme <= 1.0.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Maxify versions = 1.0.16...

WordPress Vixus theme <= 1.0.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Vixus versions = 1.0.16...

WordPress Yungen theme <= 1.0.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Yungen versions = 1.0.12...

WordPress Coinpress theme <= 1.0.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Coinpress versions = 1.0.14...

WordPress DroneX theme <= 1.1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme DroneX versions = 1.1.12...

WordPress Scientia theme <= 1.2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Scientia versions = 1.2.4...

WordPress Yottis theme <= 1.0.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Yottis versions = 1.0.10...

WordPress Gridiron theme <= 1.0.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gridiron versions = 1.0.14...

WordPress Kratz theme <= 1.0.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Kratz versions = 1.0.12...

WordPress Translogic theme <= 1.2.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Translogic versions = 1.2.11...

WordPress ShiftCV theme <= 3.0.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ShiftCV versions = 3.0.14...

WordPress Luxury Wine theme <= 1.1.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Luxury Wine versions = 1.1.14...

WordPress Green Thumb theme <= 1.1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Green Thumb versions = 1.1.12...

WordPress Global Logistics theme <= 3.20 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Global Logistics versions = 3.20...