Filtered by vendor Wordpress
Subscriptions
Total
7025 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11835 | 2 Cozmoslabs, Wordpress | 2 Paid Membership Subscriptions, Wordpress | 2025-11-07 | 5.3 Medium |
| The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMS_AJAX_Checkout_Handler::process_payment() function in all versions up to, and including, 2.16.4. This makes it possible for unauthenticated attackers to trigger stored auto-renew charges for arbitrary members. | ||||
| CVE-2025-62034 | 1 Wordpress | 1 Wordpress | 2025-11-07 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | ||||
| CVE-2025-62016 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2025-11-07 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0. | ||||
| CVE-2025-62014 | 1 Wordpress | 1 Wordpress | 2025-11-07 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok.This issue affects ITok: from n/a through <= 1.1.42. | ||||
| CVE-2025-53573 | 1 Wordpress | 1 Wordpress | 2025-11-07 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme Epic Review epic-review allows Reflected XSS.This issue affects Epic Review: from n/a through <= 1.0.2. | ||||
| CVE-2025-12520 | 2 Jgwhite33, Wordpress | 2 Wp Thumbtack Review Slider, Wordpress | 2025-11-07 | 4 Medium |
| The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-12527 | 1 Wordpress | 1 Wordpress | 2025-11-07 | 4.3 Medium |
| The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify notes. | ||||
| CVE-2025-28953 | 1 Wordpress | 1 Wordpress | 2025-11-07 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0. | ||||
| CVE-2025-54719 | 1 Wordpress | 1 Wordpress | 2025-11-07 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Object Injection.This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2. | ||||
| CVE-2025-49390 | 2 Christophrado, Wordpress | 2 Cookie Notice & Consent, Wordpress | 2025-11-07 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS.This issue affects Cookie Notice & Consent: from n/a through <= 1.6.4. | ||||
| CVE-2025-48330 | 1 Wordpress | 1 Wordpress | 2025-11-07 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusion.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0. | ||||
| CVE-2025-58636 | 2 Crm Perks, Wordpress | 2 Wp Gravity Forms Keap/infusionsoft, Wordpress | 2025-11-07 | N/A |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection.This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.3. | ||||
| CVE-2025-48086 | 2 Wordpress, Wp-dreams | 2 Wordpress, Ajax Search | 2025-11-07 | N/A |
| Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3. | ||||
| CVE-2025-49398 | 2 Easy-appointments, Wordpress | 2 Easy Appointments, Wordpress | 2025-11-07 | N/A |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14. | ||||
| CVE-2025-52773 | 1 Wordpress | 1 Wordpress | 2025-11-07 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.11. | ||||
| CVE-2025-58964 | 1 Wordpress | 1 Wordpress | 2025-11-07 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Enzy enzy allows Reflected XSS.This issue affects Enzy: from n/a through < 1.6.4. | ||||
| CVE-2025-54722 | 1 Wordpress | 1 Wordpress | 2025-11-07 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WooTour woo-tour allows Reflected XSS.This issue affects WooTour: from n/a through <= 3.6.3. | ||||
| CVE-2025-49909 | 1 Wordpress | 1 Wordpress | 2025-11-07 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS.This issue affects Penci Bookmark & Follow: from n/a through < 2.4. | ||||
| CVE-2025-58995 | 2 Creatives Planet, Wordpress | 2 Leblix, Wordpress | 2025-11-07 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Leblix leblix allows PHP Local File Inclusion.This issue affects Leblix: from n/a through <= 2.4. | ||||
| CVE-2025-49386 | 1 Wordpress | 1 Wordpress | 2025-11-07 | N/A |
| Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve-code-formatting allows Object Injection.This issue affects Preserve Code Formatting: from n/a through <= 4.0.1. | ||||