Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
8397 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68596 | 2 Bitapps, Wordpress | 2 Bit Assist, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11. | ||||
| CVE-2025-68590 | 2 Crm Perks, Wordpress | 2 Integration For Contact Form 7 Hubspot, Wordpress | 2025-12-29 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2. | ||||
| CVE-2025-68532 | 3 Elementor, Modeltheme, Wordpress | 3 Elementor, Addons For Wpbakery And Elementor, Wordpress | 2025-12-29 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Stored XSS.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6. | ||||
| CVE-2025-14913 | 2 Wordpress, Wpshuffle | 2 Wordpress, Frontend Post Submission Manager | 2025-12-29 | 5.3 Medium |
| The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'media_delete_action' function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to delete arbitrary attachments. | ||||
| CVE-2025-13958 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 5.9 Medium |
| The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-13407 | 2 Gravityforms, Wordpress | 2 Gravity Forms, Wordpress | 2025-12-29 | 6.8 Medium |
| The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload path. | ||||
| CVE-2025-67630 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through <= 1.0.2. | ||||
| CVE-2023-36525 | 2 Wordpress, Wpjobboard | 2 Wordpress, Wpjobboard | 2025-12-29 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0. | ||||
| CVE-2025-68565 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 9.8 Critical |
| Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3. | ||||
| CVE-2025-68537 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14. | ||||
| CVE-2025-68529 | 2 Rhys Wynne, Wordpress | 2 Wp Email Capture, Wordpress | 2025-12-29 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through <= 3.12.5. | ||||
| CVE-2025-68583 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through <= 1.4.10. | ||||
| CVE-2023-28619 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 4.3 Medium |
| Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8. | ||||
| CVE-2023-32120 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1. | ||||
| CVE-2025-67909 | 2 Wordpress, Wpswings | 2 Wordpress, Membership For Woocommerce | 2025-12-29 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3. | ||||
| CVE-2025-68535 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2025-12-29 | 9.1 Critical |
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1. | ||||
| CVE-2025-68579 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6. | ||||
| CVE-2025-68523 | 2 Spiffyplugins, Wordpress | 2 Spiffy Calendar, Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7. | ||||
| CVE-2023-40679 | 2 Jeweltheme, Wordpress | 2 Master Addons For Elementor, Wordpress | 2025-12-29 | 6.5 Medium |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3. | ||||
| CVE-2025-68567 | 2 Wordpress, Wphocus | 2 Wordpress, My Auctions Allegro | 2025-12-29 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.32. | ||||