cleantalk

Vulnerabilities and Security Researches

Recent vulnerability research

CVE/PSC Application Date Affected versions Description
Current as of: Sep 25, 2025, 20:09:49

PSC-2025-64597

Redis Object Cache

SAFE & CERTIFIED

Sep 17, 2025, 11:09:45
Min 2.6.5
Max 2.6.5
Redis Object Cache 2.6.5 is a persistent object cache backend powered by Redis, designed to enhance WordPress performance and scalability. It supports multiple PHP clients such as Predis, PhpRedis (PECL), and Relay, while offering advanced features like replication, sentinels, clustering, and seamless WP-CLI integration. Administrators can configure connection parameters, customize key prefixes, and set up replication or clustering to ensure optimal performance and reliability. For enterprise environments...

CVE-2025-8595

Zakra

vulnerable

Sep 15, 2025, 07:09:57
Min -
Max 4.1.5
The Zakra WordPress theme, installed on over 50,000 websites, provides a one-click demo import feature that streamlines site setup by loading predefined layouts, widgets, and content. However, a critical vulnerability—CVE-2025-8595—allows even low-privileged Subscriber+ users to invoke the demo import process via the import_button AJAX action. By exploiting a publicly exposed nonce, attackers can import arbitrary demo content, modify site configuration, or trigger long-running operations, thereby disrupting...

PSC-2025-64596

PDF Embedder

SAFE & CERTIFIED

Sep 11, 2025, 11:09:45
Min 4.9.2
Max 4.9.2
PDF Embedder is a powerful WordPress plugin that allows you to upload and embed PDF files directly into posts and pages, offering seamless document presentation with responsive design. Unlike other plugins that rely on iframes, PDF Embedder uses a unique JavaScript-based rendering method that gives site administrators complete control over the look, sizing, and navigation of embedded PDFs. The plugin ensures that all PDF files and associated scripts are served from your own server, guaranteeing both faster...

CVE-2025-58982

Pixeline's Email Protector

vulnerable

Sep 11, 2025, 02:09:28
Min -
Max 1.4.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through 1.3.8.

CVE-2025-58983

Include Me

vulnerable

Sep 11, 2025, 02:09:05
Min -
Max 1.3.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2.

CVE-2025-10142

PagSeguro / PagBank Connect

vulnerable

Sep 11, 2025, 01:09:29
Min -
Max 4.44.4
The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'status' parameter in all versions up to, and including, 4.44.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the ...

CVE-2025-6189

Duplicate Page and Post

vulnerable

Sep 11, 2025, 00:09:27
Min -
Max 2.9.5
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘meta_key’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2025-58975

Advanced Settings

vulnerable

Sep 10, 2025, 19:09:22
Min -
Max 3.2.0
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.

CVE-2025-7843

Auto Save Remote Images (Drafts)

vulnerable

Sep 10, 2025, 18:09:06
Min -
Max 1.0.9
The Auto Save Remote Images (Drafts) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the fetch_images() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVE-2025-58984

Welcart e-Commerce

vulnerable

Sep 10, 2025, 17:09:17
Min -
Max 2.11.21
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.

Recent approved applications

Application Date Description Details
Current as of: Sep 25, 2025, 20:09:49

Redis Object Cache

Sep 17, 2025, 11:09:45
A persistent object cache backend powered by Redis®¹. Supports Predis (https://github.com/predis/predis/), PhpRedis (PECL) (https://github.com/phpredis/phpredis), Relay (https://relaycache.com), replication, sentinels, clustering and WP-CLI (https://wp-cli.org/).
To adjust the connection parameters, prefix cache keys or configure replication/clustering, see the ...

PDF Embedder

Sep 11, 2025, 11:09:45
Upload PDF files and embed them directly into your site’s posts and pages. It works as simple as adding images! Your PDF files will be automatically sized to their natural size and shape. You can also specify a width and the correct height will be calculated automatically. Our PDF Embedder plugin is fully responsive, so the embedded PDF will also look perfect, on any device. Additionally, the pdf embedder will automatically resize whenever the browser dimensions change.
The plugin has a uniq...

Category Order and Taxonomy Terms Order

Sep 08, 2025, 11:09:45
Order Categories and all custom taxonomies terms (hierarchically) using a Drag and Drop Sortable javascript capability. No Theme/plugins update is required the code apply the customised sorting to the front queries on the fly.
If multiple taxonomies are created for a custom post type, a menu will allow to chose the one need to be sorted. If child categories (terms) are defined, those can be ordered too using the same interface.
Also you can have the admin terms interfac...

Meta pixel for WordPress

Sep 05, 2025, 10:09:48
This plugin will install a Meta Pixel for your page so you can capture the actions people take when they interact with your page, such as Lead, ViewContent, AddToCart, InitiateCheckout and Purchase events. It also includes support for the Conversions API.
You’ll be able to see when customers took an action after seeing your ad on Facebook and Instagram, which can help you with retargeting. And when you use the Conversions API alongside the Pixel, it creates a more reliable connection that helps th...

WP-PageNavi

Sep 05, 2025, 10:09:44
Want to replace the old ← Older posts | Newer posts → links with some page links?
This plugin provides the wp_pagenavi() template tag which generates fancy pagination links.
Usage
In your theme, you need to find calls to next_posts_link() and previous_posts_link() and replace them.
In the Twentyten theme, it looks like this:
<div class="nav-previous"><?php next_posts_link( __( '<span class="meta-nav">&larr;<...

Redux Framework

Aug 28, 2025, 11:08:45
Redux was built by developers for developers. We save you months if not years in your development time. Everything we do is to help innovation in the industry.
♥️ What the Plugin does?
Redux is a simple, genuinely extensible, and fully responsive options framework for WordPress themes and plugins. Built on the WordPress Settings API; Redux supports many field types, custom error handling, custom fields & validation types, and import/export functionality.
But what does Redux act...

GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent)

Aug 26, 2025, 10:08:33
Prepare your website for cookie consent requirements related to GDPR, CCPA, DSGVO, EU cookie law and notice requirements with this incredibly powerful, easy-to-use, well supported and 100% free WordPress plugin.
Key Features
- Local Data Storage – all user data is stored locally on your website only – we do not collect or store any of your user data on our servers
- Simple to use — install & setup in seconds
...

WP Activity Log

Aug 21, 2025, 21:08:55
WP Activity Log is the most comprehensive activity log plugin for logging user and system changes.
Keep an activity log (https://melapress.com/wordpress-activity-log/?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wsal) of everything that happens on your WordPress sites and multisite networks with the WP Activity Log plugin to:
- Ensure user productivity
- Improve user accountability
- Ease troubl...

Superb Addons – WordPress Editor Blocks & Patterns and Elementor Sections & Elements

Aug 21, 2025, 13:08:55
Superb Addons is a one-of-a-kind WordPress plugin that revolutionizes your website building experience. With over 500 patterns, blocks, elements, themes and sections at your fingertips, you can create professional sites in mere minutes without needing any design skills. From the responsive design to the seamless integration with Elementor and the WordPress Editor called Gutenberg. Superb Addons empowers you to unlock the full potential of WordPress.
Features Overview
- WordPre...

PHP Compatibility Checker

Aug 21, 2025, 09:08:19
The WP Engine PHP Compatibility Checker can be used by any WordPress website on any web host to check PHP version compatibility.
This plugin will lint theme and plugin code installed on your WordPress site and give you back a report of compatibility issues as reported by Tide (https://wptide.org) for you to fix. Compatibility issues are categorized into errors and warnings and will list the file and line number of the offending code, as well as the info about why tha...