Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
8397 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64258 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9. | ||||
| CVE-2025-64189 | 2 8theme, Wordpress | 2 Xstore Core, Wordpress | 2025-12-19 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6. | ||||
| CVE-2025-58935 | 1 Wordpress | 1 Wordpress | 2025-12-19 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lunna lunna allows PHP Local File Inclusion.This issue affects Lunna: from n/a through <= 1.15. | ||||
| CVE-2025-58938 | 2 Themeatelier, Wordpress | 2 Idonate, Wordpress | 2025-12-19 | 7.6 High |
| Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9. | ||||
| CVE-2025-58937 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue affects Tacticool: from n/a through <= 1.0.13. | ||||
| CVE-2025-64217 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS.This issue affects Photography: from n/a through <= 7.7.2. | ||||
| CVE-2025-6324 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through <= 2.0.9. | ||||
| CVE-2025-60050 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion.This issue affects Panda: from n/a through <= 1.21. | ||||
| CVE-2025-60080 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through <= 6.3.0. | ||||
| CVE-2025-60077 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.5 High |
| Missing Authorization vulnerability in YayCommerce YayPricing yaypricing allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects YayPricing: from n/a through <= 3.5.3. | ||||
| CVE-2025-64193 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2025-12-19 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through < 9.6.1. | ||||
| CVE-2025-64266 | 2 Magepeople, Wordpress | 2 Booking & Rental Manager, Wordpress | 2025-12-19 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.4. | ||||
| CVE-2025-60062 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 9.4 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection.This issue affects tPlayer: from n/a through <= 1.2.1.6. | ||||
| CVE-2025-60051 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Rare Radio rareradio allows PHP Local File Inclusion.This issue affects Rare Radio: from n/a through <= 1.0.15.1. | ||||
| CVE-2025-59134 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through <= 1.5.8. | ||||
| CVE-2025-60046 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes HeartStar heartstar allows PHP Local File Inclusion.This issue affects HeartStar: from n/a through <= 1.0.14. | ||||
| CVE-2025-64206 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2025-12-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0. | ||||
| CVE-2025-60053 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion.This issue affects MaxCube: from n/a through <= 1.3.1. | ||||
| CVE-2025-60069 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. | ||||
| CVE-2025-64191 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2025-12-19 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows Reflected XSS.This issue affects XStore: from n/a through < 9.6.1. | ||||