WordPress MCKinney's Politics theme <= 1.2.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme MCKinney's Politics versions = 1.2.8...

WordPress Mandala theme <= 2.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Mandala versions = 2.8...

WordPress Dixon theme <= 1.4.2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Dixon versions = 1.4.2.1...

WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Dermatology Clinic versions = 1.4.3...

WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme S.King versions = 1.5.3...

WordPress Tiger Claw theme <= 1.1.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tiger Claw versions = 1.1.14...

WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Happy Baby versions = 1.2.12...

WordPress Asia Garden theme <= 1.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Asia Garden versions = 1.3.1...

WordPress Edge Decor theme <= 2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Edge Decor versions = 2.2...

WordPress Eject theme <= 2.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eject versions = 2.17...

WordPress Legrand theme <= 2.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Legrand versions = 2.17...

WordPress Bassein theme <= 1.0.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Bassein versions = 1.0.15...

WordPress Rhythmo theme <= 1.3.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Rhythmo versions = 1.3.4...

WordPress Le Truffe theme <= 1.1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Le Truffe versions = 1.1.7...

WordPress Vapester theme <= 1.1.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vapester versions = 1.1.10...

WordPress Conquerors theme <= 1.2.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Conquerors versions = 1.2.13...

WordPress Windsor theme <= 2.5.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Windsor versions = 2.5.0...

WordPress Bazinga theme <= 1.1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Bazinga versions = 1.1.9...

WordPress Mahogany theme <= 2.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Mahogany versions = 2.9...

WordPress Run Gran theme <= 2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Run Gran versions = 2.0...

WordPress Filmax theme <= 1.1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Filmax versions = 1.1.11...

WordPress Aqualots theme <= 1.1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Aqualots versions = 1.1.6...

WordPress Daiquiri theme <= 1.2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Daiquiri versions = 1.2.4...

WordPress Gamezone theme <= 1.1.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gamezone versions = 1.1.11...

WordPress Coleo theme <= 1.1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Coleo versions = 1.1.7...

WordPress Sounder theme <= 1.3.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Sounder versions = 1.3.11...

WordPress Ozisti theme <= 1.1.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Ozisti versions = 1.1.10...

WordPress RexCoin theme <= 1.2.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme RexCoin versions = 1.2.6...

WordPress Marcell theme <= 1.2.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Marcell versions = 1.2.14...

WordPress WealthCo theme <= 2.18 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WealthCo versions = 2.18...

WordPress Artrium theme <= 1.0.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Artrium versions = 1.0.14...

WordPress Save Life theme <= 1.2.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Save Life versions = 1.2.13...

WordPress UberSlider Ultra plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UberSlider Ultra versions = 2.3...

WordPress UberSlider PerpetuumMobile plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UberSlider PerpetuumMobile versions = 2.3...

WordPress UberSlider MouseInteraction plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UberSlider MouseInteraction versions = 2.3...

WordPress UberSlider Classic plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UberSlider Classic versions = 2.5...

WordPress WP EasyCart plugin <= 5.8.13 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP EasyCart versions = 5.8.13...

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by Williwollo CybrX in WordPress Plugin WP User Frontend versions = 4.2.8...

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification vulnerability

Missing Authorization to Unauthenticated Payment Status modification vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

WordPress Listee plugin <= 1.1.6 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by シルAsuna in WordPress Theme Listee versions = 1.1.6...

WordPress PKT1 Centro de envios plugin <= 1.2.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin PKT1 Centro de envios versions = 1.2.1...

WordPress Analytics Cat plugin <= 1.1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Analytics Cat versions = 1.1.2...

WordPress MailArchiver plugin <= 4.5.0 - Authenticated (Admininistrator+) SQL Injection via 'logid' Parameter vulnerability

Authenticated Admininistrator+ SQL Injection via 'logid' Parameter vulnerability discovered by Ronnachai Chaipha rxnr - Reconix Co., Ltd. in WordPress Plugin MailArchiver versions = 4.5.0...

WordPress Japanized for WooCommerce plugin <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation vulnerability

Missing Authorization to Unauthenticated Paidy Order Manipulation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin Japanized For WooCommerce versions = 2.8.4...

WordPress Electric Enquiries plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'button' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Electric Enquiries versions = 1.1...

WordPress WP Accessibility plugin <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via 'alt' Attribute vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP Accessibility versions = 2.3.1...

WordPress Simple Download Monitor plugin <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Field vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Download Monitor versions = 4.0.5...

WordPress Xpro Addons - 140+ Widgets for Elementor plugin <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability

WordPress Xpro Addons - 140+ Widgets for Elementor plugin = 1.4.24 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Scroller Widget box link vulnerability discovered by zer0gh0st in WordPress Plugin Xpro Elementor Addons versions = 1.4.24...

WordPress Automotive Car Dealership Business WordPress Theme plugin <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Call to Action Fields vulnerability discovered by Mateusz Gierblinski in WordPress Theme Automotive Car Dealership Business versions = 13.4...

WordPress WP Recipe Maker plugin <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin WP Recipe Maker versions = 10.3.2...