Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
8971 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63001 | 2 Nicdark, Wordpress | 2 Hotel Booking, Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in nicdark Hotel Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through 3.8. | ||||
| CVE-2025-11924 | 2 Ninjaforms, Wordpress | 2 Ninja Forms, Wordpress | 2026-01-05 | 7.5 High |
| The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the `ninja-forms-views` REST endpoints return form metadata and submission content. This makes it possible for unauthenticated attackers to read arbitrary form definitions and submission records via a leaked bearer token granted they can load any page containing the Submissions Table block. NOTE: The developer released a patch for this issue in 3.13.1, but inadvertently introduced a REST API endpoint in which a valid bearer token could be minted for arbitrary form IDs, making this patch ineffective. | ||||
| CVE-2025-63053 | 2 Jeweltheme, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-01-05 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4. | ||||
| CVE-2025-58937 | 2 Axiomthemes, Wordpress | 2 Tacticool, Wordpress | 2026-01-05 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue affects Tacticool: from n/a through <= 1.0.13. | ||||
| CVE-2025-62081 | 3 Channelize.io, Woocommerce, Wordpress | 3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0. | ||||
| CVE-2025-58929 | 2 Axiomthemes, Wordpress | 2 Pantry, Wordpress | 2026-01-05 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion.This issue affects Pantry: from n/a through <= 1.4. | ||||
| CVE-2025-62147 | 2 Realbig, Wordpress | 2 Realbig, Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in Nik Melnik Realbig allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through 1.1.3. | ||||
| CVE-2025-58894 | 2 Axiomthemes, Wordpress | 2 Good Mood, Wordpress | 2026-01-05 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through <= 1.16. | ||||
| CVE-2025-62145 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in NewClarity DMCA Protection Badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through 2.2.0. | ||||
| CVE-2025-62133 | 2 Manidoraisamy, Wordpress | 2 Formfacade, Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Manidoraisamy FormFacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through 1.4.1. | ||||
| CVE-2025-66152 | 2 Merkulove, Wordpress | 2 Criptopayer For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through 1.0.1. | ||||
| CVE-2025-66151 | 2 Merkulove, Wordpress | 2 Countdowner For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through 1.0.4. | ||||
| CVE-2025-58893 | 2 Axiomthemes, Wordpress | 2 Alright, Wordpress | 2026-01-05 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through <= 1.6.1. | ||||
| CVE-2025-69089 | 2 Wordpress, Wpautolistings | 2 Wordpress, Auto Listings | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in autolistings Auto Listings auto-listings allows Stored XSS.This issue affects Auto Listings: from n/a through <= 2.7.1. | ||||
| CVE-2025-69088 | 3 Vidish, Woocommerce, Wordpress | 3 Combo Offers Woocommerce, Woocommerce, Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through <= 4.2. | ||||
| CVE-2025-69034 | 2 Mikado-themes, Wordpress | 2 Lekker, Wordpress | 2026-01-05 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8. | ||||
| CVE-2025-69033 | 2 Awplife, Wordpress | 2 Blog Filter, Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.3. | ||||
| CVE-2025-58225 | 2 Axiomthemes, Wordpress | 2 Paragon, Wordpress | 2026-01-05 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through <= 1.1. | ||||
| CVE-2025-53453 | 2 Axiomthemes, Wordpress | 2 Hygia, Wordpress | 2026-01-05 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16. | ||||
| CVE-2025-53449 | 2 Axiomthemes, Wordpress | 2 Convex, Wordpress | 2026-01-05 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Convex convex allows PHP Local File Inclusion.This issue affects Convex: from n/a through <= 1.11. | ||||