Filtered by vendor Wordpress
Subscriptions
Total
7258 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54040 | 2 Webba-booking, Wordpress | 2 Webba Booking, Wordpress | 2025-08-24 | 6.5 Medium |
| Missing Authorization vulnerability in Webba Appointment Booking Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 5.1.20. | ||||
| CVE-2025-54034 | 2 Tribulant, Wordpress | 2 Newsletters, Wordpress | 2025-08-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10. | ||||
| CVE-2025-54012 | 2 Welcart, Wordpress | 2 E-commerce, Wordpress | 2025-08-24 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Commerce allows Object Injection. This issue affects Welcart e-Commerce: from n/a through 2.11.16. | ||||
| CVE-2025-54025 | 2 Relywp, Wordpress | 2 Coupon Affiliates, Wordpress | 2025-08-24 | 6.5 Medium |
| Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0. | ||||
| CVE-2025-54032 | 2 Webcodingplace, Wordpress | 2 Real Estate Manager, Wordpress | 2025-08-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3. | ||||
| CVE-2025-53988 | 2 Crocoblock, Wordpress | 2 Jettabs For Elementor, Wordpress | 2025-08-24 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetBlocks For Elementor: from n/a through 1.3.18. | ||||
| CVE-2025-57892 | 2 Jeff Starr, Wordpress | 2 Simple Statistics For Feeds, Wordpress | 2025-08-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jeff Starr Simple Statistics for Feeds allows Cross Site Request Forgery. This issue affects Simple Statistics for Feeds: from n/a through 20250322. | ||||
| CVE-2025-53251 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a before 7.2. | ||||
| CVE-2025-8281 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 7.1 High |
| The WP Talroo WordPress plugin through 2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin and unauthenticated users. | ||||
| CVE-2025-57896 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 5.3 Medium |
| Missing Authorization vulnerability in andy_moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26. | ||||
| CVE-2025-57885 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Fluent Support allows Cross Site Request Forgery. This issue affects Fluent Support: from n/a through 1.9.1. | ||||
| CVE-2025-57884 | 2 Wordpress, Wpsoul | 2 Wordpress, Greenshift | 2025-08-23 | 4.3 Medium |
| Missing Authorization vulnerability in wpsoul Greenshift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through 12.1.1. | ||||
| CVE-2025-9331 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 4.3 Medium |
| The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcome_notice_import_handler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data into the site. | ||||
| CVE-2025-57890 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy Sessions allows Stored XSS. This issue affects Sessions: from n/a through 3.2.0. | ||||
| CVE-2025-57888 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2025-08-23 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NooTheme Jobmonster allows Retrieve Embedded Sensitive Data. This issue affects Jobmonster: from n/a through 4.8.0. | ||||
| CVE-2025-57894 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 4.3 Medium |
| Missing Authorization vulnerability in ollybach WPPizza allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPPizza: from n/a through 3.19.8. | ||||
| CVE-2025-57886 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.30.0. | ||||
| CVE-2025-57895 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.3. | ||||
| CVE-2025-57893 | 1 Wordpress | 1 Wordpress | 2025-08-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.79.270. | ||||
| CVE-2025-57891 | 2 Wordpress, Wp-ecommerce | 2 Wordpress, Recurring Paypal Donations | 2025-08-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS. This issue affects Recurring PayPal Donations: from n/a through 1.8. | ||||