WordPress Reuters Direct plugin <= 3.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Reuters Direct versions = 3.0.0...

WordPress Add Custom Codes plugin <= 4.80 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Add Custom Codes versions = 4.80...

WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin Serial Codes Generator and Validator with WooCommerce Support versions = 2.8.2...

WordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WP Attachments versions = 5.2...

WordPress EasyIndex plugin <= 1.1.1704 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin EasyIndex versions = 1.1.1704...

WordPress OpenHook plugin <= 4.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin OpenHook versions = 4.3.1...

WordPress Contact Form Widget plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Contact Form Widget versions = 1.5.1...

WordPress WP Advanced PDF plugin <= 1.1.7 - Other vulnerability Type vulnerability

Other vulnerability Type vulnerability discovered by NumeX in WordPress Plugin WP Advanced PDF versions = 1.1.7...

WordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.28 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Core Web Vitals & PageSpeed Booster versions = 1.0.28...

WordPress Black Rider theme <= 1.2.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Theme Black Rider versions = 1.2.3...

WordPress Black Rider theme <= 1.2.3 - Sensitive Data Exposure vulnerability

Software : Black Rider Type : Theme Vulnerable versions : = 1.2.3 OWASP Top 10 : A3: Sensitive Data Exposure Classification : Sensitive Data Exposure CVE ID : CVE-2025-59003 Patchstack priority : Medium CVSS severity : 5.8 Required privilege : Unauthenticated Developer : Claim ownership PSID :...

WordPress Add Featured Image Custom Link plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Add Featured Image Custom Link versions = 2.0.0...

WordPress Logo Slider , Logo Carousel , Logo showcase , Client Logo plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Logo Slider , Logo Carousel , Logo showcase , Client Logo versions = 1.8.1...

WordPress WP Post Signature plugin <= 0.4.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin WP Post Signature versions = 0.4.1...

WordPress WooCommerce Parcelas plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WooCommerce Parcelas versions = 1.3.5...

WordPress Locatoraid Store Locator plugin <= 3.9.67 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Zeeshan Haider in WordPress Plugin Locatoraid Store Locator versions = 3.9.67...

WordPress Post Video Players plugin <= 1.163 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Post Video Players versions = 1.163...

WordPress Add Custom Codes plugin <= 4.80 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Certus Cybersecurity in WordPress Plugin Add Custom Codes versions = 4.80...

WordPress Bootstrap Modals plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Bootstrap Modals versions = 1.3.2...

WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Maximum Products per User for WooCommerce versions = 4.4.3...

WordPress SEO Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SEO Slider versions = 1.1.1...

WordPress Postie plugin <= 1.9.73 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Postie versions = 1.9.73...

WordPress Extra Shortcodes plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Extra Shortcodes versions = 2.2...

WordPress Audiomack plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Audiomack versions = 1.4.8...

WordPress Curator.io plugin <= 1.9.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Curator.io versions = 1.9.5...

WordPress AdWords Conversion Tracking Code plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AdWords Conversion Tracking Code versions = 1.0...

WordPress Livemesh Addons for Beaver Builder plugin <= 3.9.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Livemesh Addons for Beaver Builder versions = 3.9.2...

WordPress Custom Background Changer plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Custom Background Changer versions = 3.0...

WordPress MyBookTable Bookstore plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin MyBookTable Bookstore versions = 3.6.0...

WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Skalucy in WordPress Plugin Newsletters versions = 4.11...

WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Page Title Splitter versions = 2.5.9...

WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Web and WooCommerce Addons for WPBakery Builder versions = 1.5...

WordPress Content Fetcher plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Content Fetcher versions = 1.1...

WordPress User Specific Content plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Specific Content versions = 1.0.6...

WordPress Calendar.online / Kalender.digital plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Kalender.digital versions = 1.0.13...

WordPress Responsive Block Control plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Responsive Block Control versions = 1.3.0...

WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Denver Jackson in WordPress Plugin Follow My Blog Post versions = 2.4.0...

WordPress The Moneytizer plugin <= 10.0.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin The Moneytizer versions = 10.0.9...

WordPress WebMan Amplifier plugin <= 1.5.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WebMan Amplifier versions = 1.5.12...

WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Minamaze versions = 1.10.1...

WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Software : Minamaze Type : Theme Vulnerable versions : = 1.10.1 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62991 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : 8aa231bb7ea9 Credits :...

WordPress Infility Global plugin <= 2.14.51 - SQL Injection vulnerability

SQL Injection vulnerability discovered by mcdruid in WordPress Plugin Infility Global versions = 2.14.51...

WordPress Effect Maker plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Effect Maker versions = 1.2.1...

WordPress JobBank plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin JobBank versions = 1.2.2...

WordPress Photo Gallery plugin <= 2.7.7.26 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Photo Gallery versions = 2.7.7.26...

WordPress Arlo theme <= 6.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Arlo versions = 6.0.3...

WordPress Sound | Musical Instruments Online Store theme <= 1.6.9 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sound | Musical Instruments Online Store versions = 1.6.9...

WordPress Malta theme <= 1.3.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Malta versions = 1.3.3...

WordPress Hobo theme <= 1.0.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Hobo versions = 1.0.10...

WordPress Modern Housewife theme <= 1.0.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Modern Housewife versions = 1.0.12...