Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
7181 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12494 | 2 Wordpress, Wpchill | 2 Wordpress, Image Photo Gallery Final Tiles Grid | 2025-11-18 | 4.3 Medium |
| The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level access and above, to move arbitrary image files on the server. | ||||
| CVE-2025-9501 | 1 Wordpress | 2 W3 Total Cache, Wordpress | 2025-11-18 | 9 Critical |
| The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post. | ||||
| CVE-2025-64369 | 2 Codepeople, Wordpress | 2 Contact Form Email, Wordpress | 2025-11-17 | 6.5 Medium |
| Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58. | ||||
| CVE-2025-64276 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2025-11-17 | 6.5 Medium |
| Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4. | ||||
| CVE-2025-64381 | 2 Wordpress, Wpdevelop | 2 Wordpress, Booking Calendar | 2025-11-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7. | ||||
| CVE-2025-58972 | 2 Barcode Scanner, Wordpress | 2 Barcode Scanner With Inventory & Order Manager, Wordpress | 2025-11-17 | 7.2 High |
| Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4. | ||||
| CVE-2025-58964 | 1 Wordpress | 1 Wordpress | 2025-11-17 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Enzy enzy allows Reflected XSS.This issue affects Enzy: from n/a through < 1.6.4. | ||||
| CVE-2025-58638 | 2 E-plugins, Wordpress | 2 Institutions Directory, Wordpress | 2025-11-17 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS.This issue affects Institutions Directory: from n/a through <= 1.3.3. | ||||
| CVE-2025-58636 | 2 Crm Perks, Wordpress | 2 Wp Gravity Forms Keap/infusionsoft, Wordpress | 2025-11-17 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection.This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.3. | ||||
| CVE-2025-58629 | 1 Wordpress | 1 Wordpress | 2025-11-17 | 7.5 High |
| Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.0.9. | ||||
| CVE-2025-58627 | 1 Wordpress | 1 Wordpress | 2025-11-17 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous Core Plugin: from n/a through < 2.0.9. | ||||
| CVE-2025-60245 | 2 Wordpress, Wpusermanager | 2 Wordpress, Wp User Manager | 2025-11-17 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12. | ||||
| CVE-2025-60244 | 1 Wordpress | 1 Wordpress | 2025-11-17 | 7.1 High |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a through <= 1.0.4.2. | ||||
| CVE-2025-60243 | 3 Holest Engineering, Woocommerce, Wordpress | 3 Selling Commander For Woocommerce, Woocommerce, Wordpress | 2025-11-17 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46. | ||||
| CVE-2025-60242 | 1 Wordpress | 1 Wordpress | 2025-11-17 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Anatoly Download Counter download-counter allows Path Traversal.This issue affects Download Counter: from n/a through <= 1.4. | ||||
| CVE-2025-60235 | 3 Plugify, Woocommerce, Wordpress | 3 Helpdesk Support Ticket System For Woocommerce, Woocommerce, Wordpress | 2025-11-17 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.0. | ||||
| CVE-2025-60207 | 3 Addify, Woocommerce, Wordpress | 3 Custom User Registration Fields For Woocommerce, Woocommerce, Wordpress | 2025-11-17 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2. | ||||
| CVE-2025-60189 | 3 Polopag, Woocommerce, Wordpress | 3 Polopag, Woocommerce, Wordpress | 2025-11-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion.This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through <= 2.0.9. | ||||
| CVE-2025-60188 | 2 Atarim, Wordpress | 2 Atarim, Wordpress | 2025-11-17 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2. | ||||
| CVE-2025-60073 | 1 Wordpress | 1 Wordpress | 2025-11-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Responsive Sidebar responsive-sidebar allows PHP Local File Inclusion.This issue affects Responsive Sidebar: from n/a through <= 1.2.2. | ||||