Filtered by vendor Wordpress
Subscriptions
Total
7025 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39467 | 2 Mikado-themes, Wordpress | 2 Wanderland, Wordpress | 2025-11-06 | N/A |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | ||||
| CVE-2025-60235 | 3 Plugify, Woocommerce, Wordpress | 3 Helpdesk Support Ticket System For Woocommerce, Woocommerce, Wordpress | 2025-11-06 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.0. | ||||
| CVE-2025-39466 | 2 Mikado-themes, Wordpress | 2 Dor, Wordpress | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4. | ||||
| CVE-2025-62017 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2025-11-06 | 5.4 Medium |
| Missing Authorization vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0. | ||||
| CVE-2025-58243 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through <= 3.4.0. | ||||
| CVE-2025-62055 | 2 Elated-themes, Wordpress | 2 Academist, Wordpress | 2025-11-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Academist academist.This issue affects Academist: from n/a through < 1.3. | ||||
| CVE-2025-60202 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through <= 2.3.6. | ||||
| CVE-2025-60245 | 2 Wordpress, Wpusermanager | 2 Wordpress, Wp User Manager | 2025-11-06 | N/A |
| Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12. | ||||
| CVE-2025-59556 | 1 Wordpress | 1 Wordpress | 2025-11-06 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup GoStore gostore allows Reflected XSS.This issue affects GoStore: from n/a through < 1.6.4. | ||||
| CVE-2025-64287 | 2 Edge-themes, Wordpress | 2 Alloggio Hotel Booking, Wordpress | 2025-11-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Alloggio - Hotel Booking alloggio allows PHP Local File Inclusion.This issue affects Alloggio - Hotel Booking: from n/a through <= 1.8. | ||||
| CVE-2025-48089 | 2 Rainbow-themes, Wordpress | 2 Education Wordpress Theme, Wordpress | 2025-11-06 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0. | ||||
| CVE-2025-53252 | 2 Wordpress, Zozothemes | 2 Wordpress, Zegen | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Zegen zegen allows PHP Local File Inclusion.This issue affects Zegen: from n/a through <= 1.1.9. | ||||
| CVE-2025-48290 | 2 Bslthemes, Wordpress | 2 Kinsley, Wordpress | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4. | ||||
| CVE-2025-62914 | 2 Anibalwainstein, Wordpress | 2 Effect Maker, Wordpress | 2025-11-06 | 6.5 Medium |
| Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a through <= 1.2.1. | ||||
| CVE-2025-11268 | 2 Wordpress, Wpchill | 2 Wordpress, Strong Testimonials | 2025-11-06 | 4.3 Medium |
| The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a do_shortcode call. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes if an administrator previews or publishes a crafted testimonial. | ||||
| CVE-2025-12471 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 6.1 Medium |
| The Hubbub Lite – Fast, free social sharing and follow buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dpsp_list_attention_search' parameter in all versions up to, and including, 1.36.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-62030 | 2 Tagdiv, Wordpress | 2 Composer, Wordpress | 2025-11-06 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tagDiv Composer: from n/a through <= 5.4.1. | ||||
| CVE-2025-53214 | 1 Wordpress | 1 Wordpress | 2025-11-06 | N/A |
| Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/a through <= 1.21. | ||||
| CVE-2025-54721 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Resca resca allows Reflected XSS.This issue affects Resca: from n/a through <= 3.0.2. | ||||
| CVE-2025-62067 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through <= 2.5. | ||||