WordPress Keybase.io Verification plugin <= 1.4.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Keybase.io Verification versions = 1.4.5...

WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Peppol Identifier Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce PDF Invoices & Packing Slips versions = 5.6.0...

WordPress Membership Plugin - Restrict Content plugin <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings vulnerability

WordPress Membership Plugin - Restrict Content plugin = 3.2.18 - Authenticated Administrator+ Stored Cross-Site Scripting via Invoice Settings vulnerability discovered by Miguel Santareno in WordPress Plugin Restrict Content versions = 3.2.18...

WordPress WP Plugin Info Card plugin <= 6.2.0 - Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability

Cross-Site Request Forgery to Arbitrary Custom Plugin Entry Creation vulnerability discovered by Duong Quang Hao in WordPress Plugin WP Plugin Info Card versions = 6.2.0...

WordPress VK All in One Expansion Unit plugin <= 9.112.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SNS Title vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SNS Title vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin VK All in One Expansion Unit versions = 9.112.3...

WordPress Tickera - WordPress Event Ticketing plugin <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update vulnerability

WordPress Tickera - WordPress Event Ticketing plugin = 3.5.6.4 - Missing Authorization to Authenticated Subscriber+ Event/Post Status Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Tickera versions = 3.5.6.4...

WordPress Popup Box - Easily Create WordPress Popups plugin <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Popup Box - Easily Create WordPress Popups plugin = 3.2.12 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Popup Box versions = 3.2.12...

WordPress Context Blog theme <= 1.2.5 - Unauthenticated Private Post Disclosure vulnerability

Unauthenticated Private Post Disclosure vulnerability discovered by jsonc in WordPress Theme Context Blog versions = 1.2.5...

WordPress Frontend User Notes plugin <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Note Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Frontend User Notes versions = 2.1.0...

WordPress Order Splitter for WooCommerce plugin <= 5.3.5 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Order Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Order Splitter for WooCommerce versions = 5.3.5...

WordPress WP 404 Auto Redirect plugin <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Cody Sixteen in WordPress Plugin WP 404 Auto Redirect to Similar Post versions = 1.0.5...

WordPress Filestack plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Filestack versions = 2.0.8...

WordPress Frontend Post Submission Manager Lite plugin <= 1.2.7 - Unauthenticated Open Redirect via 'requested_page' Parameter vulnerability

Unauthenticated Open Redirect via 'requestedpage' Parameter vulnerability discovered by kr0d in WordPress Plugin Frontend Post Submission Manager Lite versions 1.0.0-1.2.7...

WordPress URL Shortify plugin <= 1.12.1 - Unauthenticated Open Redirect via 'redirect_to' Parameter vulnerability

Unauthenticated Open Redirect via 'redirectto' Parameter vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin URL Shortify versions = 1.12.1...

WordPress Display During Conditional Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via message Parameter vulnerability discovered by Gilang - DJ in WordPress Plugin Display During Conditional Shortcode versions = 1.2...

WordPress Simple Ajax Chat plugin <= 20251121 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Simple Ajax Chat versions = 20251121...

WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Academy LMS versions = 3.5.3...

WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0.1...

WordPress PixelYourSite plugin <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0...

WordPress Wolmart Core plugin <= 1.9.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Wolmart Core versions = 1.9.6...

WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability

WordPress Applay - Shortcodes plugin = 3.7 - PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Applay - Shortcodes versions = 3.7...

WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability

WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme = 1.3 - Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...

WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion vulnerability

WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme = 1.3 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PawFriends - Pet Shop and Veterinary WordPress Theme versions = 1.3...

WordPress Frontend File Manager Plugin plugin <= 23.5 - Unauthenticated Arbitrary Email Sending vulnerability

Unauthenticated Arbitrary Email Sending vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Frontend File Manager versions = 23.5...

WordPress Wiguard theme < 2.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wiguard versions 2.0.1...

WordPress UnlimHost theme <= 1.2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme UnlimHost versions = 1.2.3...

WordPress Netmix theme <= 1.0.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Netmix versions = 1.0.10...

WordPress Blabber theme <= 1.7.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Blabber versions = 1.7.0...

WordPress Saveo theme <= 1.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Saveo versions = 1.1.2...

WordPress Parkivia theme <= 1.1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Parkivia versions = 1.1.9...

WordPress Impacto Patronus theme <= 1.2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Impacto Patronus versions = 1.2.3...

WordPress Zio Alberto theme <= 1.2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Zio Alberto versions = 1.2.2...

WordPress Fooddy theme <= 1.3.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fooddy versions = 1.3.10...

WordPress Isida theme <= 1.4.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Isida versions = 1.4.2...

WordPress Gustavo theme <= 1.2.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gustavo versions = 1.2.2...

WordPress Marveland theme <= 1.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Marveland versions = 1.3.0...

WordPress Ironfit theme <= 1.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Ironfit versions = 1.5...

WordPress Redy theme <= 1.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Redy versions = 1.0.2...

WordPress Coworking theme <= 1.6.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Coworking versions = 1.6.1...

WordPress Jude theme <= 1.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Jude versions = 1.3.0...

WordPress Soleng theme <= 1.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Soleng versions = 1.0.5...

WordPress SevenTrees theme <=1.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SevenTrees versions =1.0.2...

WordPress Rhodos theme <= 1.3.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rhodos versions = 1.3.3...

WordPress Photolia theme <= 1.0.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Photolia versions = 1.0.3...

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'create_mollie_account' vulnerability

Missing Authorization in 'createmollieaccount' vulnerability discovered by WordFence in WordPress Plugin Paytium versions = 4.3.7...

WordPress MP-Ukagaka plugin <= 1.5.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin MP-Ukagaka versions = 1.5.2...

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'create_mollie_profile' vulnerability

Missing Authorization in 'createmollieprofile' vulnerability discovered by WordFence in WordPress Plugin Paytium versions = 4.3.7...

WordPress Super Page Cache plugin <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log vulnerability

Unauthenticated Stored Cross-Site Scripting via Activity Log vulnerability discovered by shark3y in WordPress Plugin Super Page Cache for Cloudflare versions = 5.2.2...

WordPress Geo Widet plugin <= 1.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Geo Widget versions = 1.0...

WordPress Address Bar Ads plugin <= 1.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Address Bar Ads versions = 1.0.0...