Filtered by vendor Wordpress
Subscriptions
Total
5153 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30993 | 3 Villatheme, Woocommerce, Wordpress | 4 Thank You Page Customizer For Woocommerce, Woocommerce Thank You Page Customizer, Woocommerce and 1 more | 2025-08-16 | 6.5 Medium |
| Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer for WooCommerce – Increase Your Sales: from n/a through 1.1.7. | ||||
| CVE-2025-54703 | 2 Prince, Wordpress | 2 Integrate Google Drive, Wordpress | 2025-08-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through 1.5.2. | ||||
| CVE-2025-6790 | 2 Quizandsurveymaster, Wordpress | 2 Quiz And Survey Master, Wordpress | 2025-08-16 | 4.3 Medium |
| The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2025-54672 | 2 Jordy Meow, Wordpress | 2 Photo Engine, Wordpress | 2025-08-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3. | ||||
| CVE-2025-54667 | 2 Mycred, Wordpress | 2 Mycred, Wordpress | 2025-08-16 | 5.3 Medium |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through 2.9.4.3. | ||||
| CVE-2025-52820 | 3 Infosoftplugin, Woocommerce, Wordpress | 3 Woocommerce Point Of Sale, Woocommerce, Wordpress | 2025-08-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This issue affects WooCommerce Point Of Sale (POS): from n/a through 1.4. | ||||
| CVE-2025-54687 | 2 Crocoblock, Wordpress | 2 Jettabs, Wordpress | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.9.1. | ||||
| CVE-2025-54668 | 2 Mycred, Wordpress | 2 Mycred, Wordpress | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred allows Stored XSS. This issue affects myCred: from n/a through 2.9.4.3. | ||||
| CVE-2025-24775 | 2 Madeit, Wordpress | 2 Forms, Wordpress | 2025-08-16 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.9.0. | ||||
| CVE-2025-52731 | 2 Themefunction, Wordpress | 2 Wordpress Event Manager Event Calendar And Booking Plugin, Wordpress | 2025-08-16 | 7.5 High |
| Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24. | ||||
| CVE-2025-52728 | 2 Webcodingplace, Wordpress | 2 Responsive Posts Carousel Plugin, Wordpress | 2025-08-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0. | ||||
| CVE-2025-54693 | 2 Epiph, Wordpress | 2 Form Block, Wordpress | 2025-08-16 | 9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.5. | ||||
| CVE-2025-49887 | 3 Woocommerce, Wordpress, Wpfactory | 3 Woocommerce, Wordpress, Product Xml Feed Manager For Woocommerce | 2025-08-16 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.3. | ||||
| CVE-2025-30626 | 3 Lambertgroup, Wordpress, Wpbakery | 4 Multimedia Playlist Slider Addon For Wpbakery Page Builder, Wordpress, Page Builder and 1 more | 2025-08-16 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1. | ||||
| CVE-2025-49264 | 1 Wordpress | 2 Cloud Saml Sso, Wordpress | 2025-08-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login allows PHP Local File Inclusion. This issue affects Cloud SAML SSO - Single Sign On Login: from n/a through 1.0.18. | ||||
| CVE-2025-52730 | 2 Themefunction, Wordpress | 2 Wordpress Event Manager Event Calendar And Booking Plugin, Wordpress | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Stored XSS. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24. | ||||
| CVE-2025-28975 | 2 Redqteam, Wordpress | 2 Alike Wordpress Custom Post Comparison, Wordpress | 2025-08-16 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1. | ||||
| CVE-2025-54669 | 2 Mapsvg, Wordpress | 2 Mapsvg, Wordpress | 2025-08-16 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a through n/a. | ||||
| CVE-2025-54728 | 2 Cminds, Wordpress | 3 Cm On Demand Search And Replace, Cm Search And Replace, Wordpress | 2025-08-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Cross Site Request Forgery. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2. | ||||
| CVE-2025-54712 | 3 Elementor, Hashthemes, Wordpress | 3 Elementor, Easy Elementor Addons, Wordpress | 2025-08-16 | 4.3 Medium |
| Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a through 2.2.7. | ||||