Filtered by vendor Wordpress
Subscriptions
Total
7214 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58994 | 2 Designervily, Wordpress | 2 Greenify, Wordpress | 2025-11-17 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Greenify greenify allows PHP Local File Inclusion.This issue affects Greenify: from n/a through <= 2.2. | ||||
| CVE-2025-58986 | 1 Wordpress | 1 Wordpress | 2025-11-17 | 6.5 Medium |
| Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now (JOAN): from n/a through <= 6.0.4. | ||||
| CVE-2025-10686 | 1 Wordpress | 1 Wordpress | 2025-11-15 | 7.2 High |
| The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. | ||||
| CVE-2025-11981 | 2 Jdsofttech, Wordpress | 2 School Management System, Wordpress | 2025-11-15 | 4.9 Medium |
| The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-12891 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2025-11-14 | 5.3 Medium |
| The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ays_survey_show_results' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions. | ||||
| CVE-2025-12620 | 2 Ays-pro, Wordpress | 2 Poll Maker, Wordpress | 2025-11-14 | 4.9 Medium |
| The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-12681 | 1 Wordpress | 1 Wordpress | 2025-11-14 | 5.3 Medium |
| The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax_get_comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP addresses, and email addresses. | ||||
| CVE-2025-64262 | 1 Wordpress | 1 Wordpress | 2025-11-14 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ramon fincken Auto Prune Posts auto-prune-posts allows Cross Site Request Forgery.This issue affects Auto Prune Posts: from n/a through <= 3.0.0. | ||||
| CVE-2025-64277 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2025-11-14 | 5.3 Medium |
| Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9. | ||||
| CVE-2025-64379 | 2 Pluggabl, Wordpress | 2 Booster For Woocommerce, Wordpress | 2025-11-14 | 4.3 Medium |
| Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0. | ||||
| CVE-2025-64384 | 1 Wordpress | 1 Wordpress | 2025-11-14 | N/A |
| Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3. | ||||
| CVE-2025-8397 | 1 Wordpress | 1 Wordpress | 2025-11-14 | 6.4 Medium |
| The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12536 | 2 Brainstormforce, Wordpress | 2 Sureforms, Wordpress | 2025-11-14 | 5.3 Medium |
| The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_true', which allows unauthenticated access to the metadata. This makes it possible for unauthenticated attackers to extract sensitive data including email notification configurations, which frequently contain vendor-provided CRM/help desk dropbox addresses, CC/BCC recipients, and notification templates that can be abused to inject malicious data into downstream systems. | ||||
| CVE-2025-12892 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2025-11-14 | 5.3 Medium |
| The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to update the ays_survey_maker_upgrade_plugin option. | ||||
| CVE-2025-64265 | 2 N-media, Wordpress | 2 Frontend File Manager, Wordpress | 2025-11-14 | 4.3 Medium |
| Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.2. | ||||
| CVE-2025-64271 | 2 Hasthemes, Wordpress | 2 Wp Plugin Manager, Wordpress | 2025-11-14 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through <= 1.4.7. | ||||
| CVE-2025-64259 | 2 Jeroen Schmit, Wordpress | 2 Theater For Wordpress, Wordpress | 2025-11-14 | 6.5 Medium |
| Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.18.8. | ||||
| CVE-2025-64261 | 2 Codepeople, Wordpress | 2 Appointment Booking Calendar, Wordpress | 2025-11-14 | 6.5 Medium |
| Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95. | ||||
| CVE-2025-64264 | 1 Wordpress | 1 Wordpress | 2025-11-14 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Popup addon for Ninja Forms popup-addon-for-ninja-forms allows Stored XSS.This issue affects Popup addon for Ninja Forms: from n/a through <= 3.5.1. | ||||
| CVE-2025-64382 | 2 Webtoffee, Wordpress | 2 Order Export & Order Import For Woocommerce, Wordpress | 2025-11-14 | 4.3 Medium |
| Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7. | ||||