Vulnerabilities and Security Researches

Recent vulnerability researches
CVE/PSC	Application	Date	Affected versions	Description
			Actual on: Aug 28, 2025, 12:08:50
CVE-2025-54731	YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress vulnerable	Aug 28, 2025, 17:08:18	Min - Max 3.5.2	Responsive YouTube Video Gallery Plugin for WordPress – YouTube Showcase [youtube-showcase] < 3.5.2 CVE-2025-54731
CVE-2025-58194	Bold Page Builder vulnerable	Aug 28, 2025, 16:08:36	Min - Max 5.4.4	Bold Page Builder [bold-page-builder] < 5.4.4 CVE-2025-58194 [en] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.3.
PSC-2025-64592	Redux Framework SAFE & CERTIFIED	Aug 28, 2025, 11:08:45	Min 4.5.7 Max 4.5.7	The Redux Framework has long been the go-to options framework for WordPress developers. It provides an extensible, fully responsive environment for building option panels, customizer controls, and advanced UI fields for themes and plugins. By saving developers months of work, Redux accelerates innovation while maintaining a clean, standards-based architecture. With the release of version 4.5.7, Redux Framework has officially achieved the Plugin Security Certification (PSC-2025-64592) by CleanTalk, confirmi...
CVE-2025-48362	Hesabfa Accounting vulnerable	Aug 28, 2025, 04:08:50	Min - Max 2.2.4	Hesabfa Accounting [hesabfa-accounting] <= 2.2.4 (unfixed) CVE-2025-48362
CVE-2025-48361	Hesabfa Accounting vulnerable	Aug 28, 2025, 04:08:50	Min - Max 2.2.4	Hesabfa Accounting [hesabfa-accounting] <= 2.2.4 (unfixed) CVE-2025-48361
CVE-2025-48322	Statify Widget vulnerable	Aug 28, 2025, 04:08:20	Min - Max 1.4.6	Statify Widget [statify-widget] <= 1.4.6 (unfixed + closed) CVE-2025-48322
CVE-2025-48320	百度分享按钮 vulnerable	Aug 28, 2025, 03:08:45	Min - Max 1.0.6	百度分享按钮 [baidushare-wp] <= 1.0.6 (unfixed) CVE-2025-48320
CVE-2025-6790	Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress vulnerable	Aug 28, 2025, 03:08:29	Min - Max 10.2.3	The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2025-48323	Advance Food Menu vulnerable	Aug 28, 2025, 03:08:17	Min - Max 1.0	Advance Food Menu [advance-food-menu] <= 1.0 (unfixed + closed) CVE-2025-48323
CVE-2025-48324	tli.tl auto Twitter poster vulnerable	Aug 28, 2025, 01:08:44	Min - Max 3.4	tli.tl auto Twitter poster [tlitl-auto-twitter-poster] <= 3.4 (unfixed) CVE-2025-48324

Recent approved applications
Application	Date	Description	Details
			Actual on: Aug 28, 2025, 12:08:50
Redux Framework	Aug 28, 2025, 11:08:45	<p>Redux was built by developers for developers. We save you months if not years in your development time. Everything we do is to help innovation in the industry.</p> <h4>♥️ What the Plugin does?</h4> <p>Redux is a simple, genuinely extensible, and fully responsive options framework for WordPress themes and plugins. Built on the WordPress Settings API; Redux supports many field types, custom error handling, custom fields & validation types, and import/export functionality.</p> <p>But what does Redux act...
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent)	Aug 26, 2025, 10:08:33	<p><strong>Prepare your website for cookie consent requirements related to GDPR, CCPA, DSGVO, EU cookie law and notice requirements with this incredibly powerful, easy-to-use, well supported and 100% free WordPress plugin.</strong></p> <h3>Key Features</h3> <ul> <li><strong>Local Data Storage</strong> – all user data is stored locally on your website only – we do not collect or store any of your user data on our servers</li> <li><strong>Simple</strong> to use — install & setup in seconds</li...
WP Activity Log	Aug 21, 2025, 21:08:55	<h3>WP Activity Log is the most comprehensive activity log plugin for logging user and system changes.</h3> <p>Keep an <a href="https://melapress.com/wordpress-activity-log/?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wsal" rel="nofollow ugc">activity log</a> of everything that happens on your WordPress sites and multisite networks with the WP Activity Log plugin to:</p> <ul> <li>Ensure user productivity</li> <li>Improve user accountability</li> <li>Ease troubl...
Superb Addons – WordPress Editor Blocks & Patterns and Elementor Sections & Elements	Aug 21, 2025, 13:08:55	<p>Superb Addons is a one-of-a-kind WordPress plugin that revolutionizes your website building experience. With over 500 patterns, blocks, elements, themes and sections at your fingertips, you can create professional sites in mere minutes without needing any design skills. From the responsive design to the seamless integration with Elementor and the WordPress Editor called Gutenberg. Superb Addons empowers you to unlock the full potential of WordPress.</p> <h3>Features Overview</h3> <ul> <li><strong>WordPre...
PHP Compatibility Checker	Aug 21, 2025, 09:08:19	<p>The WP Engine PHP Compatibility Checker can be used by any WordPress website on any web host to check PHP version compatibility.</p> <p>This plugin will lint theme and plugin code installed on your WordPress site and give you back a report of compatibility issues as reported by <a href="https://wptide.org" rel="nofollow ugc">Tide</a> for you to fix. Compatibility issues are categorized into errors and warnings and will list the file and line number of the offending code, as well as the info about why tha...
WP Downgrade \| Specific Core Version	Aug 20, 2025, 09:08:19	<h4>WordPress Core Downgrade/Update</h4> <p><strong>EN:</strong> The plugin “WP Downgrade” forces the WordPress update routine to perform the installation of a <strong>specified</strong> WordPress release. The Core Release you specify is then downloaded from wordpress.org and installed as would <strong>any regular update</strong>. You can permanently stay on a previous version of your choice or update selected.</p> <p>The user Gahapati describes it so much better than I can. (Thank you!)</p> <bl...
Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)	Aug 18, 2025, 09:08:19	<p>Automatically add Image attributes such as Image Title, Image Caption, Description And Alt Text from Image Filename.</p> <p>The plugin can update image attributes for both new images and existing images in the media library.</p> <p><span class="embed-youtube" style="text-align:center; display: block;"><iframe loading="lazy" class="youtube-player" width="640" height="360" src="https://www.youtube.com/embed/V5SOU4okOfU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&#...
Joinchat	Aug 15, 2025, 09:08:19	<p><strong>? Chat with your website visitors through their favorite chat applications. Place a floating button at the bottom of your site and give the best support to your customers.</strong></p> <blockquote> <p>The best WordPress plugin for WhatsApp, with more than <strong>600,000 installations</strong> worldwide.</p> </blockquote> <p><span class="embed-youtube" style="text-align:center; display: block;"><iframe loading="lazy" class="youtube-player" width="640" height="360" src="https://www.youtube.com/emb...
String locator	Aug 13, 2025, 21:08:42	<p>When working on themes and plugins you often notice a piece of text that appears hardcoded into the files, you need to modify it, but you don’t know what theme or plugin it’s in, and certainly not which individual file to look in.</p> <p>Easily search through your themes, plugins or even WordPress core and be presented with a list of files, the matched text and what line of the file matched your search.<br /> You can then quickly make edits directly in your browser by clicking the link from t...
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!	Aug 08, 2025, 08:08:14	<h4>The Best & Most User-Friendly WordPress Form Builder</h4> <p>? <a href="https://demo.tastewp.com/everest-forms" rel="nofollow ugc">Give a Try</a> (Clicking this link creates a demo where you can test Everest Forms.)</p> <p>Everest Forms is the most user-friendly and fastest WordPress form builder plugin for creating contact forms, online application forms, surveys, polls, etc. Comes with a super simple admin panel and drag-and-drop fields with which you can create any form you need.</p> <p>No time t...

Recent vulnerability researches

Recent approved applications