cleantalk

Vulnerabilities and Security Research

Recent vulnerability research

CVE/PSC Application Date Affected versions Description
Current as of: Jul 10, 2025, 04:07:27

CVE-2025-3702

Melapress File Monitor

vulnerable

Jul 09, 2025, 22:07:15
Min -
Max 2.2.0
Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Melapress File Monitor: from n/a before 2.2.0.

CVE-2025-7327

Widget for Google Reviews

vulnerable

Jul 09, 2025, 15:07:33
Min -
Max 1.0.16
The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be up...

CVE-2025-5537

Lightbox & Modal Popup WordPress Plugin – FooBox

vulnerable

Jul 09, 2025, 04:07:30
Min -
Max 2.7.35
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-6244

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

vulnerable

Jul 09, 2025, 01:07:32
Min -
Max 6.1.20
The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-5570

AI Engine

vulnerable

Jul 09, 2025, 00:07:42
Min -
Max 2.8.5
The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-5957

Guest Support – Complete customer support ticket system for WordPress

vulnerable

Jul 08, 2025, 18:07:45
Min -
Max 1.2.3
The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete arbitrary support tickets.

CVE-2025-23972

Contact Form 7 reCAPTCHA

vulnerable

Jul 08, 2025, 14:07:41
Min -
Max 1.2.0
Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA allows Cross Site Request Forgery. This issue affects Contact Form 7 reCAPTCHA: from n/a through 1.2.0.

CVE-2025-49302

Easy Stripe

vulnerable

Jul 08, 2025, 14:07:28
Min -
Max 1.2
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1.

CVE-2025-28969

Gallery Widget

vulnerable

Jul 08, 2025, 02:07:46
Min -
Max 1.2.1
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cybio Gallery Widget allows SQL Injection. This issue affects Gallery Widget: from n/a through 1.2.1.

CVE-2025-28967

Contact Us Page – Contact People

vulnerable

Jul 07, 2025, 21:07:01
Min -
Max 3.7.4
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Truman Contact Us page - Contact people LITE allows SQL Injection. This issue affects Contact Us page - Contact people LITE: from n/a through 3.7.4.

Recent approved applications

Application Date Description Details
Current as of: Jul 10, 2025, 04:07:27

SiteGuard WP Plugin

Jun 28, 2025, 20:06:19 You can find docs, FAQ and more detailed information on English Page (https://www.jp-secure.com/siteguard_wp_plugin_en/) Japanese Page (https://www.jp-secure.com/siteguard_wp_plugin/). Simply install the SiteGuard WP Plugin, WordPress security is improved. This plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities. Notes: It does not suppo...

EWWW Image Optimizer

Jun 25, 2025, 19:06:42 Are you frustrated by a slow website? Do over-sized images make you say “ewww”… Let EWWW Image Optimizer help you make your site faster, improve your bounce rate, and boost your SEO. But most importantly, make your visitors happier so they keep coming back for more. With EWWW IO you can optimize all your existing images, from any plugin (https://docs.ewww.io/article/84-plugin-compatibility), and then let EWWW IO take care of new image uploads automa...

Table of Contents Plus

Jun 19, 2025, 00:06:06 A powerful yet user friendly plugin that automatically creates a context specific index or table of contents (TOC) for long pages (and custom post types). More than just a table of contents plugin, this plugin can also output a sitemap listing pages and/or categories across your entire site. Built from the ground up and with Wikipedia in mind, the table of contents by default appears before the first heading on a page. This allows the author to insert lead-in content that may summarise or introd...

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

May 29, 2025, 17:05:55 Reduce your WordPress website’s risk to nearly zero with Solid Security. Formerly iThemes Security. Looking for iThemes? Learn more here (https://go.solidwp.com/wporg-security-ithemes). On average, 30,000 websites are hacked every day.* Cyberattacks in the US increased by 57% in 2022.** Bad actors who want to hack your site, steal your data, and cripple your business are a 24/7/365 threat. You need a proactive, strategic approach to WordPress website s...

WP Statistics

May 27, 2025, 20:05:03 WP Statistics: THE #1 WORDPRESS STATISTICS PLUGIN. Do you need a simple tool to know your website statistics? Do you need to represent these statistics? Are you caring about your users’ privacy while analyzing who are interested in your business or website? With WP Statistics you can know your website statistics without any need to send your users’ data anywhere. You can know how many people visit your personal or business website, where they’re coming from, what browsers and search engines they ...

Hostinger

May 27, 2025, 20:05:00 Hostinger’s Onboarding Plugin transforms the way you launch your WordPress site (https://www.hostinger.com/tutorials/launch-a-wordpress-site). Crafted for an effortless user experience, it guides you through the essential steps of website setup and personalization. Whether you’re adjusting settings or exploring new tools, a single click is all it takes to guide you to the right place. Dive into a hassle-free WordPress setup by installing our plugin. Here...

BackWPup – WordPress Backup Plugin

May 27, 2025, 19:05:57 The backup plugin BackWPup (https://backwpup.com/) can be used to save your complete installation including /wp-content/ and push them to an external Backup Service, like Dropbox, S3, FTP and many more, see list below. With a single backup .zip file you are able to easily restore an installation. Please understand: this free version will not be supported as well as the ...

Header Footer Code Manager

May 20, 2025, 20:05:00 Header Footer Code Manager by 99 Robots is an easy interface to add snippets to the header or footer or above or below the content of your page.
BENEFITS
- Never have to worry about inadvertently breaking your site by adding code
- Avoid inadvertently placing snippets in the wrong place
- Eliminate the need for a dozen or more silly plugins just to add a small code snippet – Less plugins is always better!
- Never lose your code snippets when switching or chan...

Widgets for Google Reviews

May 06, 2025, 19:05:29 Display your Google Reviews for free with our responsive widgets in 2 minutes. The plugin displays your Google Reviews in amazing predesigned widgets. You can simply create and display your own widgets, and filter your reviews to build customers’ trust and increase SEO. ...

JetBackup – WP Backup, Migrate & Restore

May 05, 2025, 10:05:34 JetBackup is the most complete backup and migration choice for WordPress. We offer the easiest way to backup, restore and migrate your WordPress based website or blog. You can backup/migrate your files, database or both. Download JetBackup premium versions here: https://www.jetbackup.com/jetbackup-for-wordpress. See JetBackup in Action Here!...