WordPress iSape plugin <= 0.72 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin iSape versions = 0.72...

WordPress Aardvark Plugin plugin <= 2.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Aardvark Plugin versions = 2.19...

WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin NextMove Lite versions = 2.23.0...

WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Directorist versions = 8.5.10...

WordPress افزونه پیامک حرفه ای فراز اس ام اس plugin <= 2.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin افزونه پیامک حرفه ای فراز اس ام اس versions = 2.7.3...

WordPress FluentCart plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by benzdeus in WordPress Plugin FluentCart versions 1.3.0...

WordPress Aardvark theme <= 4.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aardvark versions = 4.6.3...

WordPress Save as PDF Plugin by PDFCrowd plugin <= 4.5.5 - Reflected Cross-Site Scripting via options vulnerability

Reflected Cross-Site Scripting via options vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Save as PDF versions = 4.5.5...

WordPress AhaChat Messenger Marketing plugin <= 1.1 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Yevgen Goncharuk in WordPress Plugin AhaChat Messenger Marketing versions = 1.1...

WordPress Hustle plugin <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upload via Module Import vulnerability

Authenticated Subscriber+ Arbitrary File Upload via Module Import vulnerability discovered by Williwollo CybrX in WordPress Plugin Hustle versions = 7.8.9.2...

WordPress WP Go Maps (formerly WP Google Maps) plugin <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Map Engine Setting Modification vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin WP Go Maps versions = 10.0.04...

WordPress WP Directory Kit plugin <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action vulnerability

Unauthenticated Email Exposure via wdkpublicaction vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Directory Kit versions = 1.4.9...

WordPress Responsive Header Plugin plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Settings Parameters vulnerability discovered by 0x34rth in WordPress Plugin Responsive Header versions = 1.0...

WordPress Friendly Functions for Welcart plugin <= 1.2.5 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Kai Aizen in WordPress Plugin Friendly Functions for Welcart versions = 1.2.5...

WordPress JavaScript Notifier plugin <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin JavaScript Notifier versions = 1.2.8...

WordPress Recipe Card Blocks plugin < 3.4.13 - Contributor+ SQLi vulnerability

Contributor+ SQLi vulnerability discovered by Purachai Phonwisut in WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor versions 3.4.13...

WordPress Link Invoice Payment for WooCommerce plugin <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation vulnerability

Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Invoice Payment for WooCommerce versions = 2.8.0...

WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Jakub Herman in WordPress Plugin TS Poll versions = 2.5.5...

WordPress Meta-box GalleryMeta plugin <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management vulnerability

Missing Authorization to Authenticated Author+ Gallery Management vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Meta-box GalleryMeta versions = 3.0.1...

WordPress Postalicious plugin <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Postalicious versions = 3.0.1...

WordPress Meta-box GalleryMeta plugin <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Image Caption vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Meta-box GalleryMeta versions = 3.0.1...

WordPress Kama Thumbnail plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Kama Thumbnail versions = 3.5.1...

WordPress WP Subscribe plugin <= 1.2.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WP Subscribe versions = 1.2.16...

WordPress WP FullCalendar plugin <= 1.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin WP FullCalendar versions = 1.6...

WordPress Nexter Blocks plugin <= 4.6.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Nexter Blocks versions = 4.6.3...

WordPress Tablesome plugin <= 1.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tablesome versions = 1.2.3...

WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WiserReview Product Reviews for WooCommerce versions = 2.9...

WordPress CLP Varnish Cache plugin <= 1.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin CLP Varnish Cache versions = 1.0.2...

WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Email Inquiry & Cart Options for WooCommerce versions = 3.4.3...

WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Nova Blocks versions = 2.1.9...

WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin Gallery PhotoBlocks versions = 1.3.2...

WordPress Schedula plugin <= 1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ty5ona in WordPress Plugin Schedula versions = 1.0...

WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability

WordPress User Submitted Posts - Enable Users to Submit Posts from the Front End plugin = 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field vulnerability discovered by Balamurugan R in WordPress Plugin User Submitted Posts versions = 20251210...

WordPress MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value vulnerability

WordPress MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin = 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value vulnerability discovered by type5afe in WordPress Plugin Metform versions = 4.1.0...

WordPress JustClick registration plugin plugin <= 0.1 - Reflected Cross-Site Scripting via PHP_SELF vulnerability

Reflected Cross-Site Scripting via PHPSELF vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin JustClick registration plugin versions = 0.1...

WordPress Frontis Blocks plugin <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'url' Parameter vulnerability discovered by WordFence in WordPress Plugin Frontis Blocks versions = 1.1.6...

WordPress Kalrav AI Agent plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload via kalrav_upload_file AJAX Action vulnerability

Unauthenticated Arbitrary File Upload via kalravuploadfile AJAX Action vulnerability discovered by Ryan Kozak in WordPress Plugin Kalrav AI Agent versions = 2.3.3...

WordPress Quick Restaurant Reservations plugin <= 1.6.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Quick Restaurant Reservations versions = 1.6.7...

WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin CartFlows versions = 2.1.19...

WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WebP Conversion versions = 2.2...

WordPress hCaptcha for WP plugin <= 4.22.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by suyoung kim AhnLab in WordPress Plugin hCaptcha for WP versions = 4.22.0...

WordPress WP Bannerize Pro plugin <= 1.11.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WP Bannerize Pro versions = 1.11.0...

WordPress Prowess theme <= 2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Prowess versions = 2.3...

WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Custom Admin Interface versions = 7.41...

WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin SiteLock Security – WP Hardening, Login Security & Malware Scans versions = 5.0.2...

WordPress Share This Image plugin <= 2.09 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Share This Image versions = 2.09...

WordPress TOP Table Of Contents plugin <= 1.3.31 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin TOP Table Of Contents versions = 1.3.31...

WordPress Booter plugin <= 1.5.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Booter versions = 1.5.7...

WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Automatic Featured Images from Videos versions = 1.2.7...

WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Bao - BlueRock in WordPress Plugin Hustle versions = 7.8.9.2...