45686 matches found
WordPress Calafate theme <= 1.7.7 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Calafate versions = 1.7.7...
WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Holmes versions = 1.7...
WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fleur versions = 2.0...
WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Fiorello versions = 1.0...
WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Curly versions = 3.3...
WordPress Cocco theme <= 1.5.1 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cocco versions = 1.5.1...
WordPress Owl Carousel WP plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by NumeX in WordPress Plugin Owl Carousel WP versions = 2.2.2...
WordPress Aruba HiSpeed Cache plugin < 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Aruba HiSpeed Cache versions 3.0.3...
WordPress FreeAgent theme <= 2.1.2 - Local File Inclusion vulnerability
Software : FreeAgent Type : Theme Vulnerable versions : = 2.1.2 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69087 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 3c336586e5ba Credits :...
WordPress FreeAgent theme <= 2.1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FreeAgent versions = 2.1.2...
WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability
Software : Issabella Type : Theme Vulnerable versions : = 1.1.2 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69086 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 1e3ff6a668aa Credits :...
WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Issabella versions = 1.1.2...
WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability
Software : Frappé Type : Theme Vulnerable versions : = 1.8 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69083 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 5c47b6166cd2 Credits : Tran...
WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Frappé versions = 1.8...
WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability
Software : Hope Type : Theme Vulnerable versions : = 3.0.0 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69081 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : ThemeREX Group PSID : eff7033e0272 Credits : Tran...
WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Hope versions = 3.0.0...
WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability
Software : Gecko Type : Theme Vulnerable versions : = 1.9.8 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69080 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 0d458b5a65e6 Credits : Tran...
WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gecko versions = 1.9.8...
WordPress Comments - wpDiscuz plugin < 7.6.40 - Unauthenticated Account Takeover vulnerability
WordPress Comments - wpDiscuz plugin 7.6.40 - Unauthenticated Account Takeover vulnerability discovered by wcraft in WordPress Plugin wpDiscuz versions 7.6.40...
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability
WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.35 - Authenticated Contributor+ Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.35...
WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WeDesignTech Ultimate Booking Addon versions = 1.0.3...
WordPress User Submitted Posts plugin <= 20251121 - Open Redirection vulnerability
Open Redirection vulnerability discovered by benzdeus in WordPress Plugin User Submitted Posts versions = 20251121...
WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Worker for Elementor versions = 1.0.10...
WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Logger for Elementor versions = 1.0.9...
WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Worker for WPBakery versions = 1.1.1...
WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Appender versions = 1.1.1...
WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO in WordPress Plugin Conformer for Elementor versions = 1.0.7...
WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin UnGrabber versions = 3.1.3...
WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Countdowner for Elementor versions = 1.0.4...
WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Criptopayer for Elementor versions = 1.0.1...
WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Headinger for Elementor versions = 1.1.4...
WordPress Accessibility Press plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by HunSec in WordPress Plugin Accessibility Press versions = 1.0.2...
WordPress Dashboard Beacon plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by HunSec in WordPress Plugin Dashboard Beacon versions = 1.2.0...
WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin Behance Portfolio Manager versions = 1.7.5...
WordPress Cooked plugin <= 1.11.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by ch1mk in WordPress Plugin Cooked versions = 1.11.3...
WordPress Genemy theme <= 1.6.6 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Genemy versions = 1.6.6...
WordPress WordPress & WooCommerce Scraper plugin, Import Data from Any Site plugin <= 1.0.7 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site versions = 1.0.7...
WordPress Genemy theme <= 1.6.6 - Server Side Request Forgery (SSRF) vulnerability
Software : Genemy Type : Theme Vulnerable versions : = 1.6.6 OWASP Top 10 : A10: Server-Side Request Forgery SSRF Classification : Server Side Request Forgery SSRF CVE ID : CVE-2025-59138 Patchstack priority : Low CVSS severity : 4.9 Required privilege : Subscriber Developer : Claim ownership PSI...
WordPress Couponer for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Couponer for Elementor versions = 1.1.7...
WordPress Questionar for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Questionar for Elementor versions = 1.1.7...
WordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Watcher for Elementor versions = 1.0.9...
WordPress Gmaper for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Gmaper for Elementor versions = 1.0.9...
WordPress Sliper for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Sliper for Elementor versions = 1.0.10...
WordPress Select Graphist for Elementor Graphist for Elementor plugin <= 1.2.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Select Graphist for Elementor Graphist for Elementor versions = 1.2.10...
WordPress Walker for Elementor plugin <= 1.1.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Walker for Elementor versions = 1.1.6...
WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Valenti Engine versions = 1.0.3...
WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rooting in WordPress Plugin AnyComment versions = 0.3.6...
WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Signature Add-On for Gravity Forms versions = 1.8.6...
WordPress Pardakht Delkhah plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Pardakht Delkhah versions = 3.0.0...
WordPress Direct Payments WP plugin <= 1.3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by powpy in WordPress Plugin Direct Payments WP versions = 1.3.0...