WordPress Yolox theme <= 1.0.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Yolox versions = 1.0.15...

WordPress Pearson Specter theme <= 1.11.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Pearson Specter versions = 1.11.3...

WordPress Piqes theme <= 1.0.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Piqes versions = 1.0.11...

WordPress Prider theme <= 1.1.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Prider versions = 1.1.3.1...

WordPress TanTum theme <= 1.1.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme TanTum versions = 1.1.13...

WordPress Tornados theme <= 2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tornados versions = 2.1...

WordPress Muji theme <= 1.2.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Muji versions = 1.2.0...

WordPress Tails theme <= 1.4.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Tails versions = 1.4.12...

WordPress Indoor Plants theme <= 1.2.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Indoor Plants versions = 1.2.7...

WordPress Snow Mountain theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Snow Mountain versions = 1.4.3...

WordPress Pets Land theme <= 1.2.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Pets Land versions = 1.2.8...

WordPress Weedles theme <= 1.1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Weedles versions = 1.1.12...

WordPress MoveMe theme <= 1.2.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme MoveMe versions = 1.2.15...

WordPress uReach theme <= 1.3.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme uReach versions = 1.3.3...

WordPress DiveIt theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme DiveIt versions = 1.4.3...

WordPress PartyMaker theme <= 1.1.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme PartyMaker versions = 1.1.15...

WordPress Eldon theme <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Eldon versions = 1.0...

WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Bonds in WordPress Plugin BM Content Builder versions 3.16.3.3...

WordPress Hotel Listing plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Hotel Listing versions = 1.4.0...

WordPress Super Logos Showcase plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Super Logos Showcase versions = 2.8...

WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Universal Video Player versions = 3.8.4...

WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Consulting versions = 1.5.0...

WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Software : Consulting Type : Theme Vulnerable versions : = 1.5.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-63032 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : d51407236b71 Credits :...

WordPress Zoho ZeptoMail plugin <= 3.3.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Zoho ZeptoMail versions = 3.3.1...

WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Melos versions = 1.6.0...

WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Software : Melos Type : Theme Vulnerable versions : = 1.6.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62136 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : c0fa8aca5616 Credits : Peter...

WordPress Everest Backup plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Everest Backup versions = 2.3.9...

WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Shuttle versions = 1.5.0...

WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Software : Shuttle Type : Theme Vulnerable versions : = 1.5.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62137 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : af47e07068e3 Credits : Pet...

WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Funnelforms Free versions = 3.8...

WordPress Series plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Series versions = 2.0.1...

WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BuddyPress Activity Shortcode versions = 1.1.8...

WordPress Sermon Manager plugin <= 2.30.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Sermon Manager versions = 2.30.0...

WordPress MX Time Zone Clocks plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin MX Time Zone Clocks versions = 5.1.1...

WordPress WordPress Tooltips plugin <= 10.9.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin WordPress Tooltips versions = 10.9.3...

WordPress Knowledge Base documentation & wiki plugin – BasePress plugin <= 2.17.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Knowledge Base documentation & wiki plugin – BasePress versions = 2.17.0.1...

WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin ListingPro Reviews versions 2.9.11...

WordPress Knowband Mobile App Builder for wooCommerce plugin < 3.0.0 - Unauthenticated Arbitrary User Deletion vulnerability

Unauthenticated Arbitrary User Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Knowband Mobile App Builder versions 3.0.0...

WordPress Ultimate Post Kit plugin < 4.0.16 - Unauthenticated Arbitrary Post Content Disclosure vulnerability

Unauthenticated Arbitrary Post Content Disclosure vulnerability discovered by Drtime in WordPress Plugin Ultimate Post Kit versions 4.0.16...

WordPress WP Email Capture plugin <= 3.12.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Arif Shaikh in WordPress Plugin WP Email Capture versions = 3.12.5...

WordPress Custom Style plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Custom Style versions = 1.0...

WordPress Noindex by Path plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Noindex by Path versions = 1.0...

WordPress Custom Post Status plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Skalucy in WordPress Plugin Custom Post Status versions = 1.1.0...

WordPress Recent Posts From Each Category plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Recent Posts From Each Category versions = 1.4...

WordPress Social Profilr plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Social Profilr versions = 1.0...

WordPress SensitiveTagCloud plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin SensitiveTagCloud versions = 1.4.1...

WordPress WP-EasyArchives plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin WP-EasyArchives versions = 3.1.2...

WordPress Simple Archive Generator plugin <= 5.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy in WordPress Plugin Simple Archive Generator versions = 5.2...

WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Behance Portfolio Manager versions = 1.7.5...

WordPress Pure WC Variation Swatches plugin <= 1.1.7 - Unauthenticated Settings Update vulnerability

Unauthenticated Settings Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Pure WC Variation Swatches versions = 1.1.7...