Filtered by vendor Wordpress
Subscriptions
Total
7232 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62010 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Famita famita allows PHP Local File Inclusion.This issue affects Famita: from n/a through <= 1.54. | ||||
| CVE-2025-62009 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2. | ||||
| CVE-2025-62008 | 3 Acowebs, Woocommerce, Wordpress | 3 Product Labels For Woocommerce, Woocommerce, Wordpress | 2025-11-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4. | ||||
| CVE-2025-62007 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through <= 1.0.3. | ||||
| CVE-2025-62006 | 2 Veronalabs, Wordpress | 2 Wp Sms, Wordpress | 2025-11-13 | 5.4 Medium |
| Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1. | ||||
| CVE-2025-62005 | 3 Fantasticplugins, Woocommerce, Wordpress | 3 Sumomemberships, Woocommerce, Wordpress | 2025-11-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0. | ||||
| CVE-2025-60248 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Product Bundles For Woocommerce | 2025-11-13 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through <= 1.8.6. | ||||
| CVE-2025-60247 | 3 Bux, Woocommerce, Wordpress | 3 Bux Woocommerce, Woocommerce, Wordpress | 2025-11-13 | 6.5 Medium |
| Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3. | ||||
| CVE-2025-60246 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through <= 1.0. | ||||
| CVE-2025-60241 | 2 Premmerce, Wordpress | 2 Premmerce, Wordpress | 2025-11-13 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through <= 1.3.19. | ||||
| CVE-2025-60240 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through <= 0.3.6. | ||||
| CVE-2025-60239 | 2 Codexpert, Wordpress | 2 Cschool Lms, Wordpress | 2025-11-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through <= 1.4.3. | ||||
| CVE-2025-60238 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34. | ||||
| CVE-2025-60234 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8. | ||||
| CVE-2025-60232 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5. | ||||
| CVE-2025-60228 | 2 Designthemes, Wordpress | 2 Knowledge Base, Wordpress | 2025-11-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through <= 2.9. | ||||
| CVE-2025-60227 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2025-11-13 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.3. | ||||
| CVE-2025-60226 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through <= 1.5.2. | ||||
| CVE-2025-60225 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0. | ||||
| CVE-2025-60224 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9. | ||||