45960 matches found
WordPress WP All Export plugin <= 1.4.14 - Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability
Unauthenticated Sensitive Information Exposure via PHP Type Juggling vulnerability discovered by Vincent Theriault-Laine in WordPress Plugin Export any WordPress data to XML/CSV versions <= 1.4.14...
WordPress The Plus Addons for Elementor plugin <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' vulnerability
Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions <= 6.4.7...
WordPress Bookster - WordPress Appointment Booking Plugin plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' vulnerability
WordPress Bookster - WordPress Appointment Booking Plugin plugin <= 2.1.1 - Authenticated (Administrator+) SQL Injection via 'raw' vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Bookster versions <= 2.1.1...
WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability
Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions <= 1.69...
WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WpEvently versions <= 5.1.1...
WordPress Valenti theme <= 5.6.3.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Valenti versions <= 5.6.3.5...
WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Aruba HiSpeed Cache versions <= 3.0.4...
WordPress Grand Restaurant theme <= 7.0.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Restaurant versions <= 7.0.10...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.10...
WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin Mail Mint versions <= 1.19.4...
WordPress IMGspider plugin <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' vulnerability
Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' vulnerability discovered by István Márton - Wordfence in WordPress Plugin IMGspider versions <= 2.3.10...
WordPress Import Eventbrite Events plugin <= 1.7.4 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Import Eventbrite Events versions <= 1.7.4...
WordPress RSS Aggregator plugin <= 5.0.10 - Reflected Cross-Site Scripting via 'template' Parameter vulnerability
Reflected Cross-Site Scripting via 'template' Parameter vulnerability discovered by zer0gh0st in WordPress Plugin WP RSS Aggregator versions <= 5.0.10...
WordPress FluentForm plugin <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability discovered by zer0gh0st in WordPress Plugin FluentForm versions <= 5.1.19...
WordPress LiquidPoll plugin <= 3.3.78 - Unauthenticated Stored Cross-Site Scripting via form_data Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via form_data Parameter vulnerability discovered by zer0gh0st in WordPress Plugin LiquidPoll versions <= 3.3.78...
WordPress ARForms plugin <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability
Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url vulnerability discovered by drop in WordPress Plugin ARForms Form Builder versions <= 1.5.8...
WordPress tagDiv Composer plugin <= 5.0 - Reflected Cross-Site Scripting via envato_code[] vulnerability
Reflected Cross-Site Scripting via envato_code[] vulnerability discovered by Truoc Phan - Techlab Corporation in WordPress Plugin tagDiv Composer versions <= 5.0...
WordPress Formidable Forms plugin <= 6.7 - HTML Injection vulnerability
HTML Injection vulnerability discovered by drop in WordPress Plugin Formidable Forms versions <= 6.7...
WordPress Premmerce plugin <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Premmerce versions <= 1.3.20...
WordPress Subitem AL Slider plugin <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Subitem AL Slider versions <= 1.0.0...
WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability
WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Product Addons for Woocommerce versions <= 3.1....
WordPress Download Manager plugin <= 3.3.46 - Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability
Reflected Cross-Site Scripting via 'redirect_to' Parameter vulnerability discovered by Jack Taylor in WordPress Plugin Download Manager versions <= 3.3.46...
WordPress ShopLentor plugin <= 3.3.2 - Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action vulnerability
Unauthenticated Email Relay Abuse via 'woolentor_suggest_price_action' AJAX Action vulnerability discovered by Teerachai Somprasong in WordPress Plugin ShopLentor versions <= 3.3.2...
WordPress Rent Fetch plugin <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability discovered by WordFence in WordPress Plugin Rent Fetch versions <= 0.32.6...
WordPress WPNakama plugin <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability
Unauthenticated SQL Injection via 'order' REST API Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPNakama versions <= 0.6.5...
WordPress Taskbuilder plugin <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability
Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Taskbuilder versions <= 5.0.2...
WordPress Business Directory Plugin plugin <= 6.4.21 - Unauthenticated SQL Injection via payment Parameter vulnerability
Unauthenticated SQL Injection via payment Parameter vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions <= 6.4.21...
WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Spa and Salon versions <= 1.3.2...
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin RegistrationMagi...
WordPress Complianz | GDPR/CCPA Cookie Consent plugin <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Complianz versions <= 7.4.3...
WordPress User Submitted Posts plugin <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability
Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter vulnerability discovered by type5afe in WordPress Plugin User Submitted Posts versions <= 20260113...
WordPress Video Share VOD plugin <= 2.7.11 - Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting via Custom Field Meta Values vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Video Share VOD versions <= 2.7.11...
WordPress SiteOrigin Widgets Bundle plugin <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability discovered by bashu - KCSC in WordPress Plugin SiteOrigin Widgets Bundle versions <= 1.70.4...
WordPress WP Event Aggregator plugin <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by WordFence in WordPress Plugin WP Event Aggregator versions <= 1.8.7...
WordPress Community Events plugin <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions <= 1.5.7...
WordPress Business Directory Plugin plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability
Missing Authorization to Unauthenticated Arbitrary Listing Modification vulnerability discovered by Sein Linn in WordPress Plugin Business Directory versions <= 6.4.20...
WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin EventPrime versions <= 4.2.8.4...
WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability
Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions <= 1.69...
WordPress Dam Spam plugin <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability discovered by Duong Quang Hao in WordPress Plugin Dam Spam versions <= 1.0.8...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability
Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress Kali Forms plugin <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability
Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure vulnerability discovered by Youssef Elouaer in WordPress Plugin Kali Forms versions <= 2.4.8...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability
Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress YayMail plugin <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability
Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress YayMail plugin <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability
Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action vulnerability discovered by whizzu in WordPress Plugin YayMail – WooCommerce Email Customizer versions <= 4.3.2...
WordPress Private Comment plugin <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Private Comment versions <= 0.0.4...
WordPress InteractiveCalculator for WordPress plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin InteractiveCalculator for WordPress versions <= 1.0.3...
WordPress Cart All In One For WooCommerce plugin <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability
Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Cart All In One For WooCommerce versions <= 1.1.21...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability
Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.6.1...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability
Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.6.1...
WordPress Taskbuilder plugin <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Taskbuilder versions <= 5.0.2...