Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
6029 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53230 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2025-08-29 | 7.6 High |
| Missing Authorization vulnerability in honzat Page Manager for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Manager for Elementor: from n/a through 2.0.5. | ||||
| CVE-2025-49383 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3. | ||||
| CVE-2025-53588 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2. | ||||
| CVE-2025-54734 | 2 Bplugins, Wordpress | 2 B Slider, Wordpress | 2025-08-29 | 5.8 Medium |
| Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30. | ||||
| CVE-2025-48365 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6. | ||||
| CVE-2025-54738 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2025-08-29 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9. | ||||
| CVE-2025-53248 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine allows PHP Local File Inclusion. This issue affects Magazine: from n/a through 1.2.2. | ||||
| CVE-2025-54742 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8. | ||||
| CVE-2025-53223 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undoIT Theme Switcher Reloaded allows Reflected XSS. This issue affects Theme Switcher Reloaded: from n/a through 1.1. | ||||
| CVE-2025-53337 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.4 Medium |
| Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3. | ||||
| CVE-2025-54716 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5. | ||||
| CVE-2025-53289 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Widget Areas allows Reflected XSS. This issue affects Theme Blvd Widget Areas: from n/a through 1.3.0. | ||||
| CVE-2025-54731 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1. | ||||
| CVE-2025-53583 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through 5.1.1. | ||||
| CVE-2025-53572 | 2 Emarketdesign, Wordpress | 2 Wp Easy Contact, Wordpress | 2025-08-29 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact allows Object Injection. This issue affects WP Easy Contact: from n/a through 4.0.1. | ||||
| CVE-2025-54714 | 2 Dylanjames, Wordpress | 2 Zephyr Project Manager, Wordpress | 2025-08-29 | 7.1 High |
| Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201. | ||||
| CVE-2025-54724 | 2 Uxper, Wordpress | 2 Golo, Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1. | ||||
| CVE-2025-54710 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2025-08-29 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21. | ||||
| CVE-2025-53334 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through 7.4.1. | ||||
| CVE-2025-53247 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPInterface BlogMarks allows PHP Local File Inclusion. This issue affects BlogMarks: from n/a through 1.0.8. | ||||