Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
5390 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52774 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2025-07-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.12.7. | ||||
| CVE-2025-53259 | 2 Nicdark, Wordpress | 2 Hotel Booking, Wordpress | 2025-07-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.7. | ||||
| CVE-2025-53315 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2025-07-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1. | ||||
| CVE-2025-52834 | 2 Favethemes, Wordpress | 2 Homey, Wordpress | 2025-07-06 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5. | ||||
| CVE-2025-53278 | 2 Wordpress, Wpeka | 2 Wordpress, Wp Adcenter | 2025-07-06 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.6.0. | ||||
| CVE-2025-53276 | 2 Omnipressteam, Wordpress | 2 Omnipress, Wordpress | 2025-07-06 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress allows DOM-Based XSS. This issue affects Omnipress: from n/a through 1.6.3. | ||||
| CVE-2025-49883 | 2 Thembay, Wordpress | 2 Greenmart, Wordpress | 2025-07-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart allows PHP Local File Inclusion. This issue affects Greenmart: from n/a through 4.2.3. | ||||
| CVE-2025-53200 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2025-07-06 | 4.3 Medium |
| Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3. | ||||
| CVE-2025-39362 | 2 Mollie, Wordpress | 2 Mollie Payments For Woocommerce, Wordpress | 2025-07-06 | 6.5 Medium |
| Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2. | ||||
| CVE-2025-32642 | 2 Appsbd, Wordpress | 2 Vite Coupon Plugin, Wordpress | 2025-06-27 | 10 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7. | ||||
| CVE-2025-32660 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2025-06-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2025-39380 | 2 Hospital Management System, Wordpress | 2 Hospital Management System, Wordpress | 2025-06-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023). | ||||
| CVE-2025-39401 | 2 Mojoomla, Wordpress | 2 Wpams Plugin, Wordpress | 2025-06-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | ||||
| CVE-2025-47658 | 2 Elextensions, Wordpress | 2 Elex Wordpress Plugin, Wordpress | 2025-06-27 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through 3.2.7. | ||||
| CVE-2025-47663 | 3 Hospital Management System, Hospital Management System Project, Wordpress | 3 Hospital Management System, Hospital Management System, Wordpress | 2025-06-27 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11. | ||||
| CVE-2025-48123 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2025-06-27 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Code Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | ||||
| CVE-2025-32291 | 2 Fantasticplugins, Wordpress | 2 Sumo Affiliates Pro, Wordpress | 2025-06-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through 10.7.0. | ||||
| CVE-2025-48140 | 2 Metalpriceapi, Wordpress | 2 Metalpriceapi, Wordpress | 2025-06-27 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI allows Code Injection. This issue affects MetalpriceAPI: from n/a through 1.1.4. | ||||
| CVE-2025-47559 | 2 Mapsvg, Wordpress | 2 Mapsvg, Wordpress | 2025-06-27 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a through 8.5.32. | ||||
| CVE-2025-49071 | 2 Nasatheme, Wordpress | 2 Flozen, Wordpress | 2025-06-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a Web Shell to a Web Server. This issue affects Flozen: from n/a through n/a. | ||||