PHP
Monthly
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1. [CVSS 7.5 HIGH]
vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor is affected by missing authorization (CVSS 7.1).
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 7.5 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 8.6 HIGH]
XforWooCommerce Product Filter for WooCommerce prdctfltr contains a security vulnerability (CVSS 7.3).
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 7.7 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 8.6 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog - Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog - Elementor Blog And Magazine Addons: from n/a through <= 2.0.3. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7. [CVSS 7.5 HIGH]
GT3themes SOHO - Photography WordPress Theme soho is affected by cross-site scripting (xss) (CVSS 7.1).
GT3themes Oyster - Photography WordPress Theme oyster is affected by cross-site scripting (xss) (CVSS 7.1).
magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce is affected by deserialization of untrusted data (CVSS 8.8).
Basix NEX-Forms nex-forms-express-wp-form-builder is affected by cross-site scripting (xss) (CVSS 7.1).
primersoftware Primer MyData for Woocommerce primer-mydata contains a security vulnerability (CVSS 5.3).
Basix NEX-Forms nex-forms-express-wp-form-builder is affected by cross-site scripting (xss) (CVSS 7.1).
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2. [CVSS 7.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through < 1.5.9. [CVSS 8.1 HIGH]
Bas Schuiling FeedWordPress Advanced Filters faf is affected by cross-site scripting (xss) (CVSS 7.1).
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack - Complete Elementor Addons, Theme & CPT Builder topper-pack allows PHP Local File Inclusion.This issue affects TopperPack - Complete Elementor Addons, Theme & CPT Builder: from n/a through <= 1.2.1. [CVSS 7.5 HIGH]
Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5. [CVSS 6.5 MEDIUM]
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.
WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product is affected by php remote file inclusion (CVSS 6.3).
Unrestricted file upload in Wiguard (wiguard) WordPress theme allows uploading web shells for remote code execution.
PHP Remote File Inclusion in Nika WordPress theme by thembay.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14. [CVSS 8.1 HIGH]
Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce is affected by cross-site scripting (xss) (CVSS 7.1).
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0. [CVSS 6.5 MEDIUM]
Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart is affected by missing authorization (CVSS 6.5).
Missing Authorization vulnerability in Addonify Addonify - WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify - WooCommerce Wishlist: from n/a through <= 2.0.15. [CVSS 6.5 MEDIUM]
Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17. [CVSS 6.5 MEDIUM]
soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce is affected by missing authorization (CVSS 6.3).
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1. [CVSS 8.1 HIGH]
vanquish User Extra Fields wp-user-extra-fields is affected by cross-site scripting (xss) (CVSS 7.1).
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17. [CVSS 8.1 HIGH]
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4. [CVSS 7.5 HIGH]
knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce is affected by missing authorization (CVSS 6.5).
Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon is affected by php remote file inclusion (CVSS 8.1).
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak: from n/a through <= 1.0.1. [CVSS 7.1 HIGH]
Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2. [CVSS 7.6 HIGH]
SQL injection in LibreNMS versions 25.12.0 and below allows authenticated users to extract sensitive database information through time-based blind SQL injection in the address-search function. An attacker with valid credentials can manipulate the subnet prefix parameter to bypass query logic and infer data through conditional timing responses. Public exploit code exists for this vulnerability; upgrade to version 26.2.0 or later to remediate.
SQL injection in LibreNMS 25.12.0 and below. PoC and patch available.
PHP Local File Inclusion in Airtifact versions up to 1.2.91 permits authenticated attackers to read arbitrary files on the server through improper validation of include/require statements. With low privileges required and no user interaction necessary, an attacker can leverage this vulnerability to access sensitive configuration files or application source code. No patch is currently available for this vulnerability.
villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer is affected by php remote file inclusion (CVSS 7.5).
cmsmasters CMSMasters Content Composer cmsmasters-content-composer is affected by php remote file inclusion (CVSS 7.5).
Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter.
SQL injection in Patient Record Management System 1.0 via the comp_id parameter in /fecalysis_not.php enables authenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction.
SQL injection in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/manage_register.php, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for unpatched deployments.
SQL injection in itsourcecode Event Management System 1.0's admin login endpoint allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or compromise system integrity. No patch is currently available for affected PHP installations.
SQL injection in itsourcecode Event Management System 1.0's booking management interface allows unauthenticated remote attackers to manipulate database queries via the ID parameter in /admin/manage_booking.php. Public exploit code exists for this vulnerability, enabling potential unauthorized data access and modification. No patch is currently available to address this high-severity flaw affecting PHP-based deployments.
The Dealia - Request a quote WordPress plugin fails to properly validate user permissions on AJAX endpoints, allowing authenticated users with Contributor-level access or higher to reset plugin configuration by exploiting an exposed admin nonce. An attacker with basic edit_posts capability can bypass the capability check and modify critical plugin settings without administrative privileges. The vulnerability affects all versions up to 1.0.6 and currently has no available patch.
Local File Inclusion in Prodigy Commerce WordPress plugin <= 3.2.9.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. [CVSS 8.8 HIGH]
The BackWPup - WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. [CVSS 7.2 HIGH]
The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the `vd_get_apikey` function which is hooked to `wp_ajax_virusdie_apikey`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve the site's Virusdie API key, which could be used to access the site owner's Virusdie account and potentially compromis...
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3_fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. [CVSS 7.2 HIGH]
The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspot_content' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. [CVSS 4.3 MEDIUM]
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup_widgets() function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. [CVSS 5.3 MEDIUM]
SEO Plugin by Squirrly SEO (WordPress plugin) versions up to 12.4.14. is affected by missing authorization (CVSS 4.3).
The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList() function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials() permission callback always returning true, providing no actual authentication. This makes it possible for unauthenticated attackers to modify the billing and shipping contact information (email and phone) of any WooCommerce order by knowing or...
OneClick Chat to Order (WordPress plugin) versions up to 1.0.9. is affected by missing authorization (CVSS 2.7).
The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||) instead of AND (&&), causing the validation to fail when the nonce field is not empty OR when verification fails, rather than when it's empty AND verification fails. This makes it possible for unauthenticated attackers to modify the plugin's post type slug removal settings via a forged request ...
The iXML - Google XML sitemap generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'iXML_email' parameter in all versions up to, and including, 0.6 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. [CVSS 5.3 MEDIUM]
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint `/wp-json/breeze/v1/clear-all-cache` being registered with `permission_callback => '__return_true'` and authentication being disabled by default when the API is enabled. This makes it possible for unauthenticated attackers to clear all site caches (page cache, Varnish, and Cloudflare) via a simple POST request,...
Privilege escalation via registration in Buyent Classified WordPress plugin.
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titl...
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
Apollo13 Framework Extensions (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
Album and Image Gallery plus Lightbox (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
WP AUDIO GALLERY (WordPress plugin) versions up to 2.0. is affected by missing authorization (CVSS 8.8).
The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. [CVSS 6.5 MEDIUM]
Privilege escalation in Lizza LMS Pro WordPress plugin <= 1.0.3.
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno_update_page_title. [CVSS 4.3 MEDIUM]
Country Blocker for AdSense (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).
The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()` function logging the complete plugin options array to the browser console on public pages, without restricting output to privileged users or checking for debug mode. This makes it possible for unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe us...
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire_admin_install_plugin() function in all versions up to, and including, 1.0.57. [CVSS 4.3 MEDIUM]
mobile friendly marketing popups. versions up to 4.4.2. contains a security vulnerability (CVSS 5.3).
The StatCounter - Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The CTX Feed - WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. [CVSS 7.2 HIGH]
The Advanced Ads - Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()` function. [CVSS 4.3 MEDIUM]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1. [CVSS 7.5 HIGH]
vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor is affected by missing authorization (CVSS 7.1).
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 7.5 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 8.6 HIGH]
XforWooCommerce Product Filter for WooCommerce prdctfltr contains a security vulnerability (CVSS 7.3).
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 7.7 HIGH]
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 8.6 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog - Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog - Elementor Blog And Magazine Addons: from n/a through <= 2.0.3. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7. [CVSS 7.5 HIGH]
GT3themes SOHO - Photography WordPress Theme soho is affected by cross-site scripting (xss) (CVSS 7.1).
GT3themes Oyster - Photography WordPress Theme oyster is affected by cross-site scripting (xss) (CVSS 7.1).
magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce is affected by deserialization of untrusted data (CVSS 8.8).
Basix NEX-Forms nex-forms-express-wp-form-builder is affected by cross-site scripting (xss) (CVSS 7.1).
primersoftware Primer MyData for Woocommerce primer-mydata contains a security vulnerability (CVSS 5.3).
Basix NEX-Forms nex-forms-express-wp-form-builder is affected by cross-site scripting (xss) (CVSS 7.1).
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2. [CVSS 7.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through < 1.5.9. [CVSS 8.1 HIGH]
Bas Schuiling FeedWordPress Advanced Filters faf is affected by cross-site scripting (xss) (CVSS 7.1).
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack - Complete Elementor Addons, Theme & CPT Builder topper-pack allows PHP Local File Inclusion.This issue affects TopperPack - Complete Elementor Addons, Theme & CPT Builder: from n/a through <= 1.2.1. [CVSS 7.5 HIGH]
Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5. [CVSS 6.5 MEDIUM]
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.
WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product is affected by php remote file inclusion (CVSS 6.3).
Unrestricted file upload in Wiguard (wiguard) WordPress theme allows uploading web shells for remote code execution.
PHP Remote File Inclusion in Nika WordPress theme by thembay.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14. [CVSS 8.1 HIGH]
Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce is affected by cross-site scripting (xss) (CVSS 7.1).
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0. [CVSS 6.5 MEDIUM]
Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart is affected by missing authorization (CVSS 6.5).
Missing Authorization vulnerability in Addonify Addonify - WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify - WooCommerce Wishlist: from n/a through <= 2.0.15. [CVSS 6.5 MEDIUM]
Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17. [CVSS 6.5 MEDIUM]
soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce is affected by missing authorization (CVSS 6.3).
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1. [CVSS 8.1 HIGH]
vanquish User Extra Fields wp-user-extra-fields is affected by cross-site scripting (xss) (CVSS 7.1).
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15. [CVSS 8.1 HIGH]
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17. [CVSS 8.1 HIGH]
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4. [CVSS 7.5 HIGH]
knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce is affected by missing authorization (CVSS 6.5).
Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon is affected by php remote file inclusion (CVSS 8.1).
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak: from n/a through <= 1.0.1. [CVSS 7.1 HIGH]
Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2. [CVSS 7.6 HIGH]
SQL injection in LibreNMS versions 25.12.0 and below allows authenticated users to extract sensitive database information through time-based blind SQL injection in the address-search function. An attacker with valid credentials can manipulate the subnet prefix parameter to bypass query logic and infer data through conditional timing responses. Public exploit code exists for this vulnerability; upgrade to version 26.2.0 or later to remediate.
SQL injection in LibreNMS 25.12.0 and below. PoC and patch available.
PHP Local File Inclusion in Airtifact versions up to 1.2.91 permits authenticated attackers to read arbitrary files on the server through improper validation of include/require statements. With low privileges required and no user interaction necessary, an attacker can leverage this vulnerability to access sensitive configuration files or application source code. No patch is currently available for this vulnerability.
villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer is affected by php remote file inclusion (CVSS 7.5).
cmsmasters CMSMasters Content Composer cmsmasters-content-composer is affected by php remote file inclusion (CVSS 7.5).
Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in Lewe WebMeasure, which allows remote attackers to execute arbitrary code through the 'page' parameter.
SQL injection in Patient Record Management System 1.0 via the comp_id parameter in /fecalysis_not.php enables authenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but no user interaction.
SQL injection in itsourcecode Event Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/manage_register.php, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for unpatched deployments.
SQL injection in itsourcecode Event Management System 1.0's admin login endpoint allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or compromise system integrity. No patch is currently available for affected PHP installations.
SQL injection in itsourcecode Event Management System 1.0's booking management interface allows unauthenticated remote attackers to manipulate database queries via the ID parameter in /admin/manage_booking.php. Public exploit code exists for this vulnerability, enabling potential unauthorized data access and modification. No patch is currently available to address this high-severity flaw affecting PHP-based deployments.
The Dealia - Request a quote WordPress plugin fails to properly validate user permissions on AJAX endpoints, allowing authenticated users with Contributor-level access or higher to reset plugin configuration by exploiting an exposed admin nonce. An attacker with basic edit_posts capability can bypass the capability check and modify critical plugin settings without administrative privileges. The vulnerability affects all versions up to 1.0.6 and currently has no available patch.
Local File Inclusion in Prodigy Commerce WordPress plugin <= 3.2.9.
The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. [CVSS 8.8 HIGH]
The BackWPup - WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. [CVSS 7.2 HIGH]
The Advanced Custom Fields: Font Awesome Field plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the `vd_get_apikey` function which is hooked to `wp_ajax_virusdie_apikey`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve the site's Virusdie API key, which could be used to access the site owner's Virusdie account and potentially compromis...
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3_fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. [CVSS 7.2 HIGH]
The Image Hotspot by DevVN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hotspot_content' custom field meta in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. [CVSS 4.3 MEDIUM]
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup_widgets() function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. [CVSS 5.3 MEDIUM]
SEO Plugin by Squirrly SEO (WordPress plugin) versions up to 12.4.14. is affected by missing authorization (CVSS 4.3).
The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList() function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials() permission callback always returning true, providing no actual authentication. This makes it possible for unauthenticated attackers to modify the billing and shipping contact information (email and phone) of any WooCommerce order by knowing or...
OneClick Chat to Order (WordPress plugin) versions up to 1.0.9. is affected by missing authorization (CVSS 2.7).
The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||) instead of AND (&&), causing the validation to fail when the nonce field is not empty OR when verification fails, rather than when it's empty AND verification fails. This makes it possible for unauthenticated attackers to modify the plugin's post type slug removal settings via a forged request ...
The iXML - Google XML sitemap generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'iXML_email' parameter in all versions up to, and including, 0.6 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. [CVSS 5.3 MEDIUM]
The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint `/wp-json/breeze/v1/clear-all-cache` being registered with `permission_callback => '__return_true'` and authentication being disabled by default when the API is enabled. This makes it possible for unauthenticated attackers to clear all site caches (page cache, Varnish, and Cloudflare) via a simple POST request,...
Privilege escalation via registration in Buyent Classified WordPress plugin.
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titl...
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
Apollo13 Framework Extensions (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
Album and Image Gallery plus Lightbox (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
WP AUDIO GALLERY (WordPress plugin) versions up to 2.0. is affected by missing authorization (CVSS 8.8).
The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. [CVSS 6.5 MEDIUM]
Privilege escalation in Lizza LMS Pro WordPress plugin <= 1.0.3.
The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dieno_update_page_title. [CVSS 4.3 MEDIUM]
Country Blocker for AdSense (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).
The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()` function logging the complete plugin options array to the browser console on public pages, without restricting output to privileged users or checking for debug mode. This makes it possible for unauthenticated attackers to view sensitive configuration data, including email addresses, accessiBe us...
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire_admin_install_plugin() function in all versions up to, and including, 1.0.57. [CVSS 4.3 MEDIUM]
mobile friendly marketing popups. versions up to 4.4.2. contains a security vulnerability (CVSS 5.3).
The StatCounter - Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
The CTX Feed - WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() function in all versions up to, and including, 6.6.11. [CVSS 7.2 HIGH]
The Advanced Ads - Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()` function. [CVSS 4.3 MEDIUM]