Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
5109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49876 | 2 Metagauss, Wordpress | 2 Profilegrid, Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.2. | ||||
| CVE-2025-49319 | 2 Wordpress, Wpfactory | 2 Wordpress, Wishlist For Woocommerce | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through 3.2.3. | ||||
| CVE-2025-52804 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nuss: from n/a through 1.3.3. | ||||
| CVE-2025-52803 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-28965 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.6 High |
| Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through 3.0.7. | ||||
| CVE-2025-48345 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft Contact Form 7 Editor Button allows Reflected XSS. This issue affects Contact Form 7 Editor Button: from n/a through 1.0.0. | ||||
| CVE-2025-28982 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3. | ||||
| CVE-2025-52714 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler allows SQL Injection. This issue affects Traveler: from n/a through n/a. | ||||
| CVE-2025-47652 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.13.4. | ||||
| CVE-2025-24777 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7. | ||||
| CVE-2025-32574 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows SQL Injection. This issue affects WPGYM: from n/a through 65.0. | ||||
| CVE-2025-52786 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kingdom Creation Media Folder allows Reflected XSS. This issue affects Media Folder: from n/a through 1.0.0. | ||||
| CVE-2025-48339 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0. | ||||
| CVE-2025-30955 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy allows Reflected XSS. This issue affects ListingEasy: from n/a through 1.9.2. | ||||
| CVE-2025-30936 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Torod allows SQL Injection. This issue affects Torod: from n/a through 1.9. | ||||
| CVE-2025-52836 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3. | ||||
| CVE-2025-28961 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: from n/a through 3.0.7. | ||||
| CVE-2025-52819 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pakkemx Pakke Envíos allows SQL Injection. This issue affects Pakke Envíos: from n/a through 1.0.2. | ||||
| CVE-2025-52777 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmsMinds Pay with Contact Form 7 allows Reflected XSS. This issue affects Pay with Contact Form 7: from n/a through 1.0.4. | ||||
| CVE-2025-7712 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 9.1 Critical |
| The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||