Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 6177 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-58618 2 Jonathanjernigan, Wordpress 2 Pie Calendar, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar allows DOM-Based XSS. This issue affects Pie Calendar: from n/a through 1.2.8.
CVE-2025-6085 1 Wordpress 1 Wordpress 2025-09-04 7.2 High
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2025-58599 2 Tychesoftwares, Wordpress 2 Order Delivery Date For Woocommerce, Wordpress 2025-09-04 4.3 Medium
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery Date for WooCommerce: from n/a through 4.1.0.
CVE-2025-58600 2 Cozmoslabs, Wordpress 2 Paid Member Subscriptions, Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through 2.15.9.
CVE-2025-58598 3 Klarna, Woocommerce, Wordpress 3 Klarna For Woocommerce, Woocommerce, Wordpress 2025-09-04 6.6 Medium
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through 1.9.8.
CVE-2025-58593 2 Themeisle, Wordpress 2 Orbit Fox, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.
CVE-2025-58641 1 Wordpress 1 Wordpress 2025-09-04 5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1.
CVE-2025-58603 2 Surfer, Wordpress 2 Surfer Plugin, Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574.
CVE-2025-58614 2 Tooltipy, Wordpress 2 Tooltipy, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy allows Stored XSS. This issue affects Tooltipy: from n/a through 5.5.6.
CVE-2025-58630 2 Rbaer, Wordpress 2 Simple Matomo Tracking Code Plugin, Wordpress 2025-09-04 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code allows Stored XSS. This issue affects Simple Matomo Tracking Code: from n/a through 1.1.0.
CVE-2025-58623 1 Wordpress 1 Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through 1.3.2.
CVE-2025-58613 1 Wordpress 1 Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through 1.4.10.
CVE-2025-58624 1 Wordpress 1 Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates allows Stored XSS. This issue affects Exchange Rates: from n/a through 1.2.5.
CVE-2025-58643 2 Enituretechnology, Wordpress 2 Ltl Freight Quotes, Wordpress 2025-09-04 7.2 High
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7.
CVE-2025-58611 2 Tickera, Wordpress 2 Tickera, Wordpress 2025-09-04 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.5.6.
CVE-2025-58634 1 Wordpress 1 Wordpress 2025-09-04 5.3 Medium
Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4.
CVE-2025-58616 1 Wordpress 1 Wordpress 2025-09-04 6.5 Medium
Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1.
CVE-2025-58597 1 Wordpress 1 Wordpress 2025-09-04 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6.
CVE-2025-58637 1 Wordpress 1 Wordpress 2025-09-04 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion. This issue affects immonex Kickstart: from n/a through 1.11.6.
CVE-2025-58621 2 Amuse Labs, Wordpress 2 Puzzleme Plugin, Wordpress 2025-09-04 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amuse Labs PuzzleMe for WordPress allows Stored XSS. This issue affects PuzzleMe for WordPress: from n/a through 1.2.0.