WordPress Travelpayouts plugin <= 1.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Travelpayouts versions = 1.2.1...

WordPress Konte theme <= 2.4.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Theme Konte versions = 2.4.6...

WordPress ID Arrays plugin <= 2.1.2 - POST-Based Reflected Cross Site Scripting (XSS) vulnerability

POST-Based Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin ID Arrays versions = 2.1.2...

WordPress Shiprocket plugin <= 2.0.8 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by NumeX in WordPress Plugin Shiprocket versions = 2.0.8...

WordPress SOHO - Photography WordPress Theme theme <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

WordPress SOHO - Photography WordPress Theme theme = 3.0.3 - Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme SOHO - Photography WordPress Theme versions = 3.0.3...

WordPress Cookiebot plugin <= 4.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Cookiebot versions = 4.6.4...

WordPress Broken Link Notifier plugin <= 1.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Broken Link Notifier versions = 1.3.5...

WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin SupportCandy versions = 3.4.4...

WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin B Slider versions = 2.0.6...

WordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Nelio Popups versions = 1.3.5...

WordPress WP Adminify plugin <= 4.0.7.7 - Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability

Unauthenticated Sensitive Information Exposure via 'get-addons-list' REST API vulnerability discovered by ibrahimsql in WordPress Plugin WP Adminify versions = 4.0.7.7...

WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Tristan Jay Neale in WordPress Plugin UsersWP versions = 1.2.53...

WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by You Ludwig in WordPress Plugin Elementor Contact Form DB versions = 2.1.3...

WordPress JAMstack Deployments plugin <= 1.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin JAMstack Deployments versions = 1.1.1...

WordPress WP-CORS plugin <= 0.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP-CORS versions = 0.2.2...

WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin EventPrime versions = 4.2.8.0...

WordPress Zita Elementor Site Library plugin <= 1.6.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Zita Elementor Site Library versions = 1.6.6...

WordPress Revision Manager TMC plugin <= 2.8.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Revision Manager TMC versions = 2.8.22...

WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Enter Addons versions = 2.3.2...

WordPress Quiz And Survey Master plugin <= 10.3.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Quiz And Survey Master versions = 10.3.1...

WordPress Advanced iFrame plugin <= 2025.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Advanced iFrame versions = 2025.10...

WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS) vulnerability

WordPress Oyster - Photography WordPress Theme theme = 4.4.3 - Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Oyster - Photography WordPress Theme versions = 4.4.3...

WordPress WPBookit Pro plugin <= 1.6.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin WPBookit Pro versions = 1.6.18...

WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin News Kit Elementor Addons versions = 1.4.2...

WordPress Emerce Core plugin <= 1.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Emerce Core versions = 1.8...

WordPress Uroan Core plugin <= 1.4.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Uroan Core versions = 1.4.4...

WordPress Woodly Core plugin <= 1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Woodly Core versions = 1.4...

WordPress Saasplate Core plugin <= 1.2.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Saasplate Core versions = 1.2.8...

WordPress Nestbyte Core plugin <= 1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Nestbyte Core versions = 1.2...

WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Bit Form versions = 2.21.10...

WordPress UpsellWP plugin <= 2.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin UpsellWP versions = 2.2.3...

WordPress MailerLite plugin <= 1.7.18 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin MailerLite versions = 1.7.18...

WordPress Educare plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Educare versions = 1.6.1...

WordPress WP Recipe Maker plugin <= 10.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP Recipe Maker versions = 10.2.4...

WordPress ModelTheme Framework plugin <= 1.9.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ModelTheme Framework versions = 1.9.2...

WordPress Medinik Core plugin <= 1.3.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Medinik Core versions = 1.3.6...

WordPress Electio Core plugin <= 1.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Electio Core versions = 1.4...

WordPress Sendy plugin <= 3.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sendy versions = 3.4.2...

WordPress EmailKit plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin EmailKit versions = 1.6.2...

WordPress Vzaar Media Management plugin <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Vzaar Media Management versions = 1.2...

WordPress TelSender plugin <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title vulnerability

Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title vulnerability discovered by Kai Aizen in WordPress Plugin TelSender versions = 1.14.14...

WordPress SEO Links Interlinking plugin <= 1.7.5 - Reflected Cross-Site Scripting via 'google_error' Parameter vulnerability

Reflected Cross-Site Scripting via 'googleerror' Parameter vulnerability discovered by johska in WordPress Plugin SEO Links Interlinking versions = 1.7.5...

WordPress AI Engine plugin <= 3.3.2 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by type5afe in WordPress Plugin AI Engine versions = 3.3.2...

WordPress VidShop plugin <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields' vulnerability

Unauthenticated Time-Based SQL Injection via 'fields' vulnerability discovered by WordFence in WordPress Plugin VidShop versions = 1.1.4...

WordPress Snow Monkey Forms plugin <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability

Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Snow Monkey Forms versions = 12.0.3...

WordPress New User Approve plugin <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure vulnerability

Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure vulnerability discovered by Deadbee - NA in WordPress Plugin New User Approve versions = 3.2.2...

WordPress Search Atlas SEO plugin 2.4.4 - 2.5.12 - Missing Authorization to Authenticated (Subscriber+) Authentication Bypass via Account Takeover vulnerability

WordPress Search Atlas SEO plugin 2.4.4 - 2.5.12 - Missing Authorization to Authenticated Subscriber+ Authentication Bypass via Account Takeover vulnerability discovered by kr0d in WordPress Plugin Search Atlas SEO versions 2.4.4-2.5.12...

WordPress Popularis Extra plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Popularis Extra versions = 1.2.10...

WordPress Stop Spammers Classic plugin <= 2026.1 - Cross-Site Request Forgery via Email Allowlist vulnerability

Cross-Site Request Forgery via Email Allowlist vulnerability discovered by JoanClarke2 in WordPress Plugin Stop Spammers versions = 2026.1...

WordPress Passster plugin <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Passster versions = 4.2.24...