Vulnerabilities and Security Researches

Recent vulnerability researches
CVE/PSC	Application	Date	Affected versions	Description
			Actual on: Feb 08, 2025, 15:02:04
CVE-2025-22658	Listings for Appfolio vulnerable	Feb 07, 2025, 19:02:18	Min - Max 1.2.1	Listings for Appfolio [listings-for-appfolio] < 1.2.1 CVE-2025-22658
CVE-2025-22667	WPSyncSheets Lite For WooCommerce WooCommerce Google Spreadsheet Addon – (Import / Export) vulnerable	Feb 07, 2025, 13:02:47	Min - Max 1.9	Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets [wpsyncsheets-woocommerce] < 1.9 CVE-2025-22667
CVE-2025-22655	CWD – Stealth Links vulnerable	Feb 07, 2025, 13:02:16	Min - Max 1.3	CWD – Stealth Links [cwd-stealth-links] <= 1.3 (unfixed) CVE-2025-22655
CVE-2024-13829	WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto vulnerable	Feb 07, 2025, 13:02:11	Min - Max 8.0.9	The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via forms.
CVE-2024-13487	CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce vulnerable	Feb 07, 2025, 13:02:10	Min - Max 2.2.6	The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2025-22660	Include Mastodon Feed vulnerable	Feb 07, 2025, 09:02:34	Min - Max 1.9.10	Include Mastodon Feed [include-mastodon-feed] < 1.9.10 CVE-2025-22660
CVE-2025-22673	EAN for WooCommerce vulnerable	Feb 07, 2025, 08:02:24	Min - Max 5.4.0	EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory [ean-for-woocommerce] < 5.4.0 CVE-2025-22673
CVE-2025-22640	Paytm – Donation Plugin vulnerable	Feb 07, 2025, 08:02:11	Min - Max 2.3.2	Paytm Payment Donation [paytm-donation] <= 2.3.2 (unfixed) CVE-2025-22640
CVE-2025-22638	Product Table For WooCommerce vulnerable	Feb 07, 2025, 03:02:09	Min - Max 1.2.4	Product Table For WooCommerce [product-table-for-woocommerce] < 1.2.4 CVE-2025-22638
CVE-2025-22647	AIO Performance Profiler, Monitor, Optimize, Compress & Debug vulnerable	Feb 06, 2025, 23:02:39	Min - Max 1.2	AIO Performance Profiler, Monitor, Optimize, Compress & Debug [all-in-one-performance-accelerator] <= 1.2 (unfixed) CVE-2025-22647

Recent approved applications
Application	Date	Description	Details
			Actual on: Feb 08, 2025, 15:02:04
Breadcrumb NavXT	Feb 04, 2025, 16:02:54	<p>Breadcrumb NavXT, the successor to the popular WordPress plugin Breadcrumb Navigation XT, was written from the ground up to be better than its ancestor. This plugin generates locational breadcrumb trails for your WordPress powered blog or website. These breadcrumb trails are highly customizable to suit the needs of just about any website running WordPress. The Administrative interface makes setting options easy, while a direct class access is available for theme developers and more adventurous users.</p>...
ManageWP Worker	Jan 29, 2025, 18:01:14	<p>So you’re looking for a better way to manage WordPress websites? We have you covered! <a href="https://managewp.com/" title="Manage Multiple WordPress Websites" rel="nofollow ugc">ManageWP</a> is a dashboard that helps you save time and nerves by automating your workflow, so you could focus on things that matter. It is fast, secure and free for an unlimited number of websites.</p> <h4>Everything in One Place</h4> <p>Just the hassle of logging into each of your websites is enough to ruin your day. M...
Antispam Bee	Jan 23, 2025, 19:01:33	<p>Say Goodbye to comment spam on your WordPress blog or website. <em>Antispam Bee</em> blocks spam comments and trackbacks effectively, without captchas and without sending personal information to third party services. It is free of charge, ad-free and 100% GDPR compliant.</p> <h3>Feature/Settings Overview</h3> <ul> <li>Trust approved commenters.</li> <li>Trust commenters with a Gravatar.</li> <li>Consider the comment time.</li> <li>Allow comments only in a certain language.</li> <li>Block or allow comment...
Loginizer	Jan 20, 2025, 17:01:42	<p>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.</p> <p>Loginizer is actively used by more than 1000000+ WordPress websites.</p> <p>You can find our official documentation at <a href="https://loginizer.com/docs" rel...
Rank Math SEO with AI SEO Tools	Jan 16, 2025, 19:01:20	<h3>Rank Math SEO – Best SEO Plugin for WordPress</h3> <p><strong>1st WordPress SEO Plugin to use AI (Artificial Intelligence)</strong> ?<br /> ★★★★★</p> <p><strong>SEO is the most consistent source of traffic for any website.</strong> We created <a href="https://rankmath.com/wordpress/plugin/seo-suite/?utm_source=LP&utm_campaign=WP" rel="nofollow ugc"><strong>Rank Math, a WordPress SEO plugin</strong></a> with AI SEO features better than ChatGPT, to help every website owner get access to the SEO ...
Polylang	Jan 16, 2025, 19:01:15	<p>With Polylang fully integrated to WordPress and using only its built-in core features (taxonomies), keep steady performances on your site and create a multilingual site featuring from just one extra language to 10 or more depending on your needs. There is no limit in the number of languages added and WordPress’ language packs are automatically downloaded when ready.</p> <h4>Features</h4> <p>Depending on the type of site you have built or are planning to build, a combination of plugins from the list below...
XML Sitemap Generator for Google	Jan 08, 2025, 22:01:09	<p>Generate XML, HTML, RSS sitemaps for your website with ease using the XML Sitemap Generator for Google. This plugin enables you to improve your SEO rankings by creating page, news, video, HTML, and RSS sitemaps. It also supports custom post types and taxonomies, allowing you to ensure that all of your content is being indexed by search engines. With a user-friendly interface, you can easily configure the plugin to suit your needs and generate sitemaps in just a few clicks. Keep your website up-to-date an...
ElementsKit Elementor addons	Dec 27, 2024, 22:12:44	<p><strong>ElementsKit Elementor addons</strong> is an ultimate and all-in-one addons for <a href="https://elementor.com/" rel="nofollow ugc">Elementor</a> Page Builder. It includes the most comprehensive modules, such as <strong>Header Footer Builder, Mega Menu Builder, Layout template Library</strong>, etc. under the one hood. It has <strong>85+ custom Elementor widgets</strong> such as an Advanced accordion, Pricing table, Team member, testimonial, Accordion, tab, Countdown Timer, etc. to create any site...
WPS Hide Login	Dec 26, 2024, 22:12:41	<h4>English</h4> <p><em>WPS Hide Login</em> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.</p> <...
Starter Templates — Elementor, WordPress & Beaver Builder Templates	Dec 24, 2024, 18:12:29	<h4>FREE TEMPLATES FOR ELEMENTOR, BEAVER BUILDER AND BLOCK EDITOR</h4> <p>Create professional designed pixel perfect websites in minutes with the Starter Templates plugin.</p> <p>This plugin gives you access to 280+ pre-made full website templates and individual pages for your favorite page builder such as Elementor, Beaver Builder and the Block Editor.</p> <p><a href="https://bsf.io/starter-templates-demo" rel="nofollow ugc">Try it out on a free dummy site</a></p> <p>All you need to do is select the demo t...

Recent vulnerability researches

Recent approved applications