Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
9960 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64197 | 2 Sizam Design, Wordpress | 2 Rehub, Wordpress | 2026-02-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1. | ||||
| CVE-2025-64199 | 1 Wordpress | 1 Wordpress | 2026-02-17 | 5.3 Medium |
| Missing Authorization vulnerability in WpEstate wpresidence wpresidence allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpresidence: from n/a through <= 5.3.2. | ||||
| CVE-2025-63065 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2026-02-17 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n/a through 3.29. | ||||
| CVE-2026-24532 | 1 Wordpress | 1 Wordpress | 2026-02-17 | 4.3 Medium |
| Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2. | ||||
| CVE-2025-69055 | 2 Seatheme, Wordpress | 2 Bm Content Builder, Wordpress | 2026-02-17 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal.This issue affects BM Content Builder: from n/a before 3.16.3.3. | ||||
| CVE-2026-1671 | 2 Switcorp, Wordpress | 2 Activity Log For Wordpress, Wordpress | 2026-02-13 | 6.5 Medium |
| The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view potentially sensitive information (e.g., the password of a higher level user, such as an administrator) contained in the exposed log files. | ||||
| CVE-2026-1316 | 2 Ivole, Wordpress | 2 Customer Reviews For Woocommerce, Wordpress | 2026-02-13 | 7.2 High |
| The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers (if 'Enable for Guests' is enabled) to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1320 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2026-02-13 | 7.2 High |
| The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1104 | 2 Ninjateam, Wordpress | 2 Fastdup – Fastest Wordpress Migration & Duplicator, Wordpress | 2026-02-13 | 8.8 High |
| The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create and download full-site backup archives containing the entire WordPress installation, including database exports and configuration files. | ||||
| CVE-2025-15520 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-02-13 | 4.3 Medium |
| The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. | ||||
| CVE-2019-25314 | 2 Duplicate-post, Wordpress | 2 Post, Wordpress | 2026-02-13 | 5.5 Medium |
| Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces. | ||||
| CVE-2025-64271 | 2 Hasthemes, Wordpress | 2 Wp Plugin Manager, Wordpress | 2026-02-13 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through <= 1.4.7. | ||||
| CVE-2025-8280 | 2 Contact Form 7 Captcha Project, Wordpress | 2 Contact Form 7 Captcha, Wordpress | 2026-02-13 | 5.8 Medium |
| The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | ||||
| CVE-2025-60197 | 2 Owenr88, Wordpress | 2 Simple Contact Forms, Wordpress | 2026-02-12 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through <= 1.6.4. | ||||
| CVE-2025-60198 | 2 Dedalx, Wordpress | 2 Saxon, Wordpress | 2026-02-12 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing WordPress Theme: from n/a through <= 1.9.3. | ||||
| CVE-2025-60199 | 2 Dedalx, Wordpress | 2 Inhype, Wordpress | 2026-02-12 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through <= 1.5.2. | ||||
| CVE-2025-60200 | 2 Thimpress, Wordpress | 2 Learnpress Export Import, Wordpress | 2026-02-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through <= 4.0.9. | ||||
| CVE-2025-60201 | 1 Wordpress | 1 Wordpress | 2026-02-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a through <= 8.2.7. | ||||
| CVE-2025-60202 | 1 Wordpress | 1 Wordpress | 2026-02-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through <= 2.3.6. | ||||
| CVE-2025-60203 | 1 Wordpress | 1 Wordpress | 2026-02-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows PHP Local File Inclusion.This issue affects Store Exporter: from n/a through <= 2.7.6. | ||||