Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
4970 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52804 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nuss: from n/a through 1.3.3. | ||||
| CVE-2025-52803 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-28965 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.6 High |
| Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through 3.0.7. | ||||
| CVE-2025-48345 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft Contact Form 7 Editor Button allows Reflected XSS. This issue affects Contact Form 7 Editor Button: from n/a through 1.0.0. | ||||
| CVE-2025-28982 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3. | ||||
| CVE-2025-52714 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler allows SQL Injection. This issue affects Traveler: from n/a through n/a. | ||||
| CVE-2025-47652 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.13.4. | ||||
| CVE-2025-24777 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7. | ||||
| CVE-2025-32574 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a through 65.0. | ||||
| CVE-2025-52786 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kingdom Creation Media Folder allows Reflected XSS. This issue affects Media Folder: from n/a through 1.0.0. | ||||
| CVE-2025-48339 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0. | ||||
| CVE-2025-30955 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy allows Reflected XSS. This issue affects ListingEasy: from n/a through 1.9.2. | ||||
| CVE-2025-30936 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9. | ||||
| CVE-2025-52836 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3. | ||||
| CVE-2025-28961 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7. | ||||
| CVE-2025-52819 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos allows SQL Injection. This issue affects Pakke Envíos: from n/a through 1.0.2. | ||||
| CVE-2025-52777 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsMinds Pay with Contact Form 7 allows Reflected XSS. This issue affects Pay with Contact Form 7: from n/a through 1.0.4. | ||||
| CVE-2025-7712 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.1 Critical |
| The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-5396 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.8 Critical |
| The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle() function not having a capability check, nor validating user supplied input passed directly to call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leverage to inject backdoors or create new administrative user accounts to name a few things. On WordPress sites running the Alone theme versions 7.8.4 and older, this can be chained with CVE-2025-5394 to install the Bears Backup plugin and achieve the same impact. | ||||
| CVE-2024-43260 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.4 Medium |
| Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4. | ||||