WordPress Cocco theme <= 1.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cocco versions = 1.5.1...

WordPress Aviana theme <= 2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Aviana versions = 2.1...

WordPress Molla theme <= 1.5.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Molla versions = 1.5.16...

WordPress Wolmart theme <= 1.9.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Wolmart versions = 1.9.6...

WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin AI Engine versions = 3.3.2...

WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme The Issue versions = 1.6.11...

WordPress Photography theme <= 7.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Photography versions = 7.6.1...

WordPress Starto theme <= 2.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Starto versions = 2.1.9...

WordPress Grand News | Magazine Newspaper WordPress theme <= 3.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand News versions = 3.4.3...

WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Coming Soon Product with Countdown versions = 5.0...

WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Supakiad S. m3ez in WordPress Plugin Tutor LMS versions = 3.9.5...

WordPress Architecturer theme <= 3.8.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Architecturer versions = 3.8.8...

WordPress Awa Plugins plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Awa Plugins versions = 1.4.4...

WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin PowerPress Podcasting versions = 11.15.10...

WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Responsive Posts Carousel Pro versions = 15.1...

WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Bakery Autoresponder Addon versions = 1.0.6...

WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Bakery Autoresponder Addon versions = 1.0.6...

WordPress Geo Mashup plugin <= 1.13.17 - Unauthenticated SQL Injection via 'sort' Parameter vulnerability

Unauthenticated SQL Injection via 'sort' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Geo Mashup versions = 1.13.17...

WordPress WPGSI: Spreadsheet Integration plugin <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token vulnerability

Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via Forged Base64 Token vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin Spreadsheet Integration – Automate Google Sheets With WordPress...

WordPress Post Duplicator plugin <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter vulnerability

Missing Authorization to Authenticated Contributor+ Protected Post Meta Insertion via 'customMetaData' Parameter vulnerability discovered by Nguyen Ba Hung bashu - KCSC in WordPress Plugin Post Duplicator versions = 3.0.8...

WordPress WP Recipe Maker plugin <= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Abhinav Jaswal wrathexe - Self employed in WordPress Plugin WP Recipe Maker versions = 10.2.3...

WordPress Disable Admin Notices - Hide Dashboard Notifications plugin <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

WordPress Disable Admin Notices - Hide Dashboard Notifications plugin = 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by lucsob in WordPress Plugin Disable Admin Notices individually versions = 1.4.2...

WordPress Secure Copy Content Protection and Content Locking plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Secure Copy Content Protection and Content Locking versions = 5.0.1...

WordPress Responsive Lightbox & Gallery plugin <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload vulnerability

Authenticated Author+ Server-Side Request Forgery via Remote Library Image Upload vulnerability discovered by lucsob in WordPress Plugin Responsive Lightbox versions = 2.7.1...

WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability

WordPress Rise Blocks - A Complete Gutenberg Page Builder plugin = 3.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Site Identity Block Attributes vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Rise Blocks versions = 3.7...

WordPress ElementsKit Lite plugin < 3.7.9 - Unauthenticated Mailchimp REST Endpoint vulnerability

Unauthenticated Mailchimp REST Endpoint vulnerability discovered by Rahul Karne in WordPress Plugin ElementsKit Elementor addons Lite versions 3.7.9...

WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin <= 6.4.7 - Unauthenticated Email Relay vulnerability

WordPress The Plus Addons for Elementor - Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin = 6.4.7 - Unauthenticated Email Relay vulnerability discovered by jtwings - Puramu in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.4.7...

WordPress Conditional CAPTCHA plugin <= 4.0.0 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Bob Matyas in WordPress Plugin Conditional CAPTCHA versions = 4.0.0...

WordPress Musico theme <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Musico versions = 3.2.4...

WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Celeste versions = 1.3.6...

WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Chaty versions = 3.5.1...

WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Tablesome versions = 1.2.3...

WordPress WooCommerce Order Details plugin <= 3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Order Details versions = 3.1...

WordPress Gecko theme <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Gecko versions = 1.9.8...

WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability

WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme = 2.2.7 - Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Claue - Clean, Minimal Elementor WooCommerce Theme versions = 2.2.7...

WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextScripts versions = 4.4.7...

WordPress Ebook Store plugin <= 5.8001 - Reflected Cross-Site Scripting via 'step' vulnerability

Reflected Cross-Site Scripting via 'step' vulnerability discovered by nvthien in WordPress Plugin Ebook Store versions = 5.8001...

WordPress WP Ad Guru plugin <= 2.5.4 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP Ad Guru versions = 2.5.4...

WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aora versions = 1.3.15...

WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Metro versions = 2.13...

WordPress Metro theme <= 2.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Metro versions = 2.13...

WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by CODE WHITE GmbH in WordPress Plugin W3 Total Cache versions = 2.9.1...

WordPress DesignThemes Portfolio plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Portfolio versions = 1.3...

WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Directory Addon versions = 1.8...

WordPress DesignThemes Booking Manager plugin <= 2.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin DesignThemes Booking Manager versions = 2.0...

WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.1...

WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.1 - Account Takeover vulnerability

Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.1...

WordPress Classified Listing plugin <= 5.3.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by daroo in WordPress Plugin Classified Listing versions = 5.3.4...

WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Directory Pro versions = 2.5.6...

WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dcodx in WordPress Plugin Really Simple Security Pro versions = 9.5.4.0...