Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
9004 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48338 | 2 Kevonadonis, Wordpress | 2 Wp Abstracts, Wordpress | 2025-11-13 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion.This issue affects WP Abstracts: from n/a through <= 2.7.4. | ||||
| CVE-2025-48330 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusion.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0. | ||||
| CVE-2025-48290 | 2 Bslthemes, Wordpress | 2 Kinsley, Wordpress | 2025-11-13 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4. | ||||
| CVE-2025-48106 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files.This issue affects Clanora: from n/a through < 1.3.1. | ||||
| CVE-2025-48099 | 2 Codeamp, Wordpress | 2 Search & Filter, Wordpress | 2025-11-13 | 4.7 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Code Amp Search & Filter search-filter allows Cross Site Request Forgery.This issue affects Search & Filter: from n/a through <= 1.2.17. | ||||
| CVE-2025-48098 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||
| CVE-2025-48097 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS.This issue affects WSAnalytics: from n/a through <= 1.1.2. | ||||
| CVE-2025-48096 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 6.5 Medium |
| Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through <= 1.4.0. | ||||
| CVE-2025-48095 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2025-11-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||
| CVE-2025-48093 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calvaweb Password only login password-only-login allows Reflected XSS.This issue affects Password only login: from n/a through <= 0.2. | ||||
| CVE-2025-48092 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jurajpuchky Fix Multiple Redirects fix-multiple-redirects allows Reflected XSS.This issue affects Fix Multiple Redirects: from n/a through <= 1.2.3. | ||||
| CVE-2025-48091 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through <= 0.3.6. | ||||
| CVE-2025-48090 | 2 Cocobasic, Wordpress | 2 Blanka, Wordpress | 2025-11-13 | 8.2 High |
| Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5. | ||||
| CVE-2025-48089 | 2 Rainbow-themes, Wordpress | 2 Education Wordpress Theme, Wordpress | 2025-11-13 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through < 3.1.0. | ||||
| CVE-2025-48086 | 2 Wordpress, Wp-dreams | 2 Wordpress, Ajax Search | 2025-11-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3. | ||||
| CVE-2025-48085 | 2 Wordpress, Zipang | 2 Wordpress, Simple Stripe | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through <= 0.9.17. | ||||
| CVE-2025-48083 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5. | ||||
| CVE-2025-48082 | 2 Progress Planner, Wordpress | 2 Progress Planner, Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0. | ||||
| CVE-2025-48078 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3. | ||||
| CVE-2025-48077 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0. | ||||