cleantalk

Vulnerabilities and Security Research

Recent vulnerability research

CVE/PSC | Application | Date | Affected versions | Description
Current as of: Apr 13, 2025, 23:04:03

CVE-2025-31040

WP Food ordering and Restaurant Menu

vulnerable

Apr 14, 2025, 03:04:41
Min -
Max 1.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. This issue affects WP Food ordering and Restaurant Menu: from n/a through 1.1.

CVE-2025-32629

WP-BusinessDirectory – Business directory plugin for WordPress

vulnerable

Apr 14, 2025, 03:04:19
Min -
Max 3.1.2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Path Traversal. This issue affects WP-BusinessDirectory: from n/a through 3.1.2.

CVE-2024-13338

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

vulnerable

Apr 14, 2025, 03:04:13
Min -
Max 2.3.2
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality. This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2024-13337

Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer

vulnerable

Apr 14, 2025, 03:04:13
Min -
Max 2.3.3
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2025-32614

EventON

vulnerable

Apr 14, 2025, 03:04:10
Min -
Max 2.4
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.3.2.

CVE-2025-31021

Mobile Smart

vulnerable

Apr 14, 2025, 02:04:41
Min -
Max 1.3.16
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dolby_uk Mobile Smart allows Reflected XSS. This issue affects Mobile Smart: from n/a through v1.3.16.

CVE-2025-32633

Database Toolset

vulnerable

Apr 14, 2025, 02:04:32
Min -
Max 1.8.4
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset allows Path Traversal. This issue affects Database Toolset: from n/a through 1.8.4.

CVE-2025-32627

JS Job Manager

vulnerable

Apr 14, 2025, 02:04:26
Min -
Max 2.0.2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2.

CVE-2025-31028

WP Hide Categories

vulnerable

Apr 14, 2025, 02:04:25
Min -
Max 1.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Hide Categories allows Reflected XSS. This issue affects WP Hide Categories: from n/a through 1.0.

CVE-2025-32631

Oxygen MyData for WooCommerce

vulnerable

Apr 14, 2025, 02:04:19
Min -
Max 1.0.63
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in oxygensuite Oxygen MyData for WooCommerce allows Path Traversal. This issue affects Oxygen MyData for WooCommerce: from n/a through 1.0.63.

Recent approved applications

Application | Date | Description | Details
Current as of: Apr 13, 2025, 23:04:03

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

Mar 12, 2025, 18:03:32
Instantly allow or disallow comments from any post type in WordPress (Pages, Posts, or Media) to stop the spammers and gain complete control over your full website. WP-CLI Support & Control comments via XML-RPC and REST-API too!
More About Plugin (https://wpdeveloper.com/plugins/disable-comments/) ◼️ https://wpdeveloper.com/docs-category/disable-comments/ ...

W3 Total Cache

Mar 12, 2025, 18:03:31
W3 Total Cache (W3TC) improves the SEO, Core Web Vitals and overall user experience of your site by increasing website performance and reducing load times by leveraging features like content delivery network (CDN) integration and the latest best practices.
W3TC is the only web host agnostic Web Performance Optimization (WPO) framework for WordPress trusted by millions of publishers, web developers, and web hosts worldwide for more than a decade. It is the total performance solutio...

Maintenance

Feb 26, 2025, 18:02:05
Maintenance plugin allows the WordPress site administrator to close the website for maintenance, enable “503 Service temporarily unavailable”, set a temporary page with authorization, which can be edited via the plugin settings. Easy customize the good look on all devices. Add your logo, background image, select the desired color, add text. Maintenance uses Bunny Fonts for EU GDPR compliance.
Need pre-made themes and over 3 million free images to build maintenance, coming so...

Sucuri Security – Auditing, Malware Scanner and Security Hardening

Feb 24, 2025, 15:02:56
Sucuri Inc. is a globally recognized authority in all matters related to website security, with specialization in WordPress Security.
The Sucuri Security WordPress plugin is free to all WordPress users. It is a security suite meant to complement your existing security posture. Currently the ownership of this plugin was transferred to GoDaddy.
It offers its users a set of security features for their website, each designed to have a positive effect on their security posture:
- Secur...

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)

Feb 17, 2025, 21:02:02
The CookieYes GDPR Cookie Consent plugin simplifies GDPR (RGPD, DSVGO) compliance by seamlessly integrating a cookie banner into your website.
Additionally, it offers support for various global privacy regulations, including LGPD (Brazil), CNIL (France), PIPEDA (Canada), Law 25 (Quebec), POPIA (South Africa), nFADP (Switzerland), Privacy Act (Australia), PDPL (Saudi Arabia), PDPL (Argentina), PDPL (Andorra), DPA (Faroe Islands), and the California Consumer Privacy Act (CCPA/CPRA). It’s also ...

Safe SVG

Feb 17, 2025, 20:02:32
Safe SVG is the best way to Allow SVG Uploads in WordPress!
It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.
Current Features
- Sanitised SVGs – Don’t open up security holes in your WordPress site by allowing uploads of unsanitised files.
- SVG...

Breadcrumb NavXT

Feb 04, 2025, 16:02:54
Breadcrumb NavXT, the successor to the popular WordPress plugin Breadcrumb Navigation XT, was written from the ground up to be better than its ancestor. This plugin generates locational breadcrumb trails for your WordPress powered blog or website. These breadcrumb trails are highly customizable to suit the needs of just about any website running WordPress. The Administrative interface makes setting options easy, while a direct class access is available for theme developers and more adventurous users....

ManageWP Worker

Jan 29, 2025, 18:01:14
So you’re looking for a better way to manage WordPress websites? We have you covered! ManageWP (https://managewp.com/) is a dashboard that helps you save time and nerves by automating your workflow, so you could focus on things that matter. It is fast, secure and free for an unlimited number of websites.
Everything in One Place
Just the hassle of logging into each of your websites is enough to ruin your day. M...

Antispam Bee

Jan 23, 2025, 19:01:33
Say Goodbye to comment spam on your WordPress blog or website. Antispam Bee blocks spam comments and trackbacks effectively, without captchas and without sending personal information to third party services. It is free of charge, ad-free and 100% GDPR compliant.
Feature/Settings Overview
- Trust approved commenters.
- Trust commenters with a Gravatar.
- Consider the comment time.
- Allow comments only in a certain language.
- Block or allow comment...

Loginizer

Jan 20, 2025, 17:01:42
Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.
Loginizer is actively used by more than 1000000+ WordPress websites.
You can find our official documentation at https://loginizer.com/docs ...