Wpmobile.app CVEs and Security Vulnerabilities

Search

Expected end of text, found '.' (at char 34), (line:1, col:35)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (326668 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68974	2 Miniorange, Wordpress	3 Social Login, Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress	2026-01-05	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.7.0.
CVE-2025-69021	2 Ays-pro, Wordpress	2 Popup Box, Wordpress	2026-01-05	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7.
CVE-2025-68993	3 Woocommerce, Wordpress, Xforwoocommerce	3 Woocommerce, Wordpress, Share, Print And Pdf Products	2026-01-05	5.3 Medium
Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a through <= 3.1.2.
CVE-2025-69010	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through <= 1.3.5.
CVE-2025-14313	1 Wordpress	1 Wordpress	2026-01-05	6.1 Medium
The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2025-68976	1 Wordpress	1 Wordpress	2026-01-05	8.8 High
Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
CVE-2025-68983	2 Thembay, Wordpress	2 Greenmart, Wordpress	2026-01-05	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.11.
CVE-2025-69012	1 Wordpress	1 Wordpress	2026-01-05	4.3 Medium
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through <= 3.12.8.
CVE-2025-69019	2 Flippingbook, Wordpress	2 Flippingbook, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlippingBook FlippingBook flippingbook allows DOM-Based XSS.This issue affects FlippingBook: from n/a through <= 2.0.1.
CVE-2025-68989	2 Renzojohnson, Wordpress	2 Contact Form 7 Extension For Mailchimp, Wordpress	2026-01-05	7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through <= 0.9.49.
CVE-2025-68988	2 O2oe, Wordpress	2 E-invoice App Malaysia, Wordpress	2026-01-05	7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0.
CVE-2025-69020	2 Tribulant, Wordpress	2 Newsletters, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through <= 4.12.
CVE-2025-15233	1 Tenda	2 M3, M3 Firmware	2026-01-05	8.8 High
A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
CVE-2025-69018	2 Shamalli, Wordpress	2 Web Directory Free, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through <= 1.7.12.
CVE-2025-68991	1 Wordpress	1 Wordpress	2026-01-05	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows DOM-Based XSS.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
CVE-2025-68982	2 Designthemes, Wordpress	2 Designthemes Lms, Wordpress	2026-01-05	8.1 High
Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6.
CVE-2025-69015	2 Automattic, Wordpress	2 Crowdsignal Forms, Wordpress	2026-01-05	3.8 Low
Missing Authorization vulnerability in Automattic Crowdsignal Forms crowdsignal-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crowdsignal Forms: from n/a through <= 1.7.2.
CVE-2025-68990	1 Wordpress	1 Wordpress	2026-01-05	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
CVE-2025-68977	2 Designthemes, Wordpress	2 Portfolio Addon, Wordpress	2026-01-05	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5.
CVE-2025-65409	1 Gnu	1 Recutils	2026-01-05	7.5 High
A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.

« first previous Page 91 of 16334. next last »