Filtered by vendor Wordpress
Subscriptions
Total
8467 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68068 | 2 Select-themes, Wordpress | 2 Stockholm, Wordpress | 2025-12-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through <= 9.14.1. | ||||
| CVE-2025-68062 | 1 Wordpress | 1 Wordpress | 2025-12-16 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. | ||||
| CVE-2025-68056 | 1 Wordpress | 1 Wordpress | 2025-12-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows SQL Injection.This issue affects LBG Zoominoutslider: from n/a through <= 5.4.5. | ||||
| CVE-2025-68053 | 1 Wordpress | 1 Wordpress | 2025-12-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection.This issue affects xPromoter: from n/a through <= 1.3.4. | ||||
| CVE-2025-67962 | 2 Aioseo, Wordpress | 2 Broken Link Checker, Wordpress | 2025-12-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue affects Broken Link Checker: from n/a through <= 1.2.6. | ||||
| CVE-2025-67950 | 2 Syed Balkhi, Wordpress | 2 All In One Seo Pack, Wordpress | 2025-12-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through <= 4.9.1. | ||||
| CVE-2025-66164 | 1 Wordpress | 1 Wordpress | 2025-12-16 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through <= 1.1.1. | ||||
| CVE-2025-64639 | 3 Mainwp, Wordpress, Wp Compress | 3 Mainwp, Wordpress, For Mainwp | 2025-12-16 | 5.3 Medium |
| Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.50.07. | ||||
| CVE-2025-64244 | 3 Codexpert, Elementor, Wordpress | 3 Restrict Elementor Widgets Columns And Sections, Elementor, Wordpress | 2025-12-16 | 4.3 Medium |
| Missing Authorization vulnerability in Codexpert, Inc Restrict Elementor Widgets, Columns and Sections restrict-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Elementor Widgets, Columns and Sections: from n/a through <= 1.12. | ||||
| CVE-2025-64240 | 1 Wordpress | 1 Wordpress | 2025-12-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat freshchat allows Cross Site Request Forgery.This issue affects Freshchat: from n/a through <= 2.3.4. | ||||
| CVE-2025-59009 | 1 Wordpress | 1 Wordpress | 2025-12-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify listify allows Cross Site Request Forgery.This issue affects Listify: from n/a through <= 3.2.5. | ||||
| CVE-2025-58999 | 2 Loopus, Wordpress | 2 Wp Attractive Donations System, Wordpress | 2025-12-16 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25. | ||||
| CVE-2025-13956 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2025-12-16 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistics, including total revenue summaries and order status counts | ||||
| CVE-2025-13728 | 2 Techjewel, Wordpress | 2 Fluentauth, Wordpress | 2025-12-16 | 6.4 Medium |
| The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fluent_auth_reset_password` shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-12809 | 2 Wedevs, Wordpress | 2 Dokan, Wordpress | 2025-12-16 | 5.3 Medium |
| The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/dokan/v1/wholesale/register` REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve their email addresses via the REST API by providing a user ID, along with other information such as usernames, display names, user roles, and registration dates. | ||||
| CVE-2025-13794 | 2 Themeisle, Wordpress | 2 Auto Featured Image, Wordpress | 2025-12-16 | 4.3 Medium |
| The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulk_action_generate_handler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete or generate featured images on posts they do not own. | ||||
| CVE-2025-64638 | 3 Onpay.io, Woocommerce, Wordpress | 3 For Woocommerce, Woocommerce, Wordpress | 2025-12-16 | 5.3 Medium |
| Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47. | ||||
| CVE-2025-54045 | 2 Cminds, Wordpress | 2 Cm On Demand Search And Replace, Wordpress | 2025-12-16 | 4.3 Medium |
| Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.4. | ||||
| CVE-2025-64632 | 2 Auctollo, Wordpress | 2 Google-sitemap-generator, Wordpress | 2025-12-16 | 5.3 Medium |
| Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.21. | ||||
| CVE-2025-66120 | 2 Catfolders, Wordpress | 2 Catfolders, Wordpress | 2025-12-16 | 5.3 Medium |
| Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CatFolders: from n/a through <= 2.5.3. | ||||