Missing Authorization vulnerability in spoddev2021 Spreadconnect. This issue affects Spreadconnect: from n/a through 2.1.5. More information : https://patchstack.com/database/wordpress/plugin/wc-spod/vulnerability/wordpress-spreadconnect-plugin-2-1-5-broken-access-control-vulnerability?_s_id=cve
Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core allows Object Injection. This issue affects ThemeMove Core: from n/a through 1.4.2. More information : https://patchstack.com/database/wordpress/plugin/thememove-core/vulnerability/wordpress-thememove-core-plugin-1-4-2-php-object-injection-vulnerability?_s_id=cve
Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome Support: from n/a through 6.3.4. More information : https://patchstack.com/database/wordpress/plugin/awesome-support/vulnerability/wordpress-awesome-support-plugin-plugin-6-3-4-sensitive-data-exposure-vulnerability?_s_id=cve
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. More information : https://patchstack.com/database/wordpress/plugin/blog-designer-pro/vulnerability/wordpress-blog-designer-pro-plugin-3-4-7-authenticated-non-arbitrary-local-file-inclusion-vulnerability?_s_id=cve
Concurrent execution using shared resource with improper synchronization (‘race condition’) in SQL Server allows an authorized attacker to disclose information over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47997
Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1. More information : https://patchstack.com/database/wordpress/plugin/constant-contact-api/vulnerability/wordpress-constant-contact-for-wordpress-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve
Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through 10.1. More information : https://patchstack.com/database/wordpress/plugin/fwduvp/vulnerability/wordpress-ultimate-video-player-plugin-10-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49692
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in highwarden Super Store Finder. This issue affects Super Store Finder: from n/a through 6.9.7. More information : https://patchstack.com/database/wordpress/plugin/superstorefinder-wp/vulnerability/wordpress-super-store-finder-plugin-6-9-7-local-file-inclusion-vulnerability?_s_id=cve
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2. More information : https://patchstack.com/database/wordpress/theme/photography/vulnerability/wordpress-photography-theme-7-5-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. More information : https://patchstack.com/database/wordpress/plugin/blog-designer-pro/vulnerability/wordpress-blog-designer-pro-plugin-3-4-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPSwings WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates. This issue affects WooCommerce...
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in villatheme WooCommerce Photo Reviews. This issue affects WooCommerce Photo Reviews: from n/a through 1.3.13. More information : https://patchstack.com/database/wordpress/plugin/woocommerce-photo-reviews/vulnerability/wordpress-woocommerce-photo-reviews-plugin-1-3-13-cross-site-scripting-xss-vulnerability?_s_id=cve
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in GoodBarber GoodBarber. This issue affects GoodBarber: from n/a through 1.0.26. More information : https://patchstack.com/database/wordpress/plugin/goodbarber/vulnerability/wordpress-goodbarber-1-0-26-open-redirection-vulnerability?_s_id=cve