Filtered by vendor Wordpress
Subscriptions
Total
8371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49430 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 7.2 High |
| Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through 10.1. | ||||
| CVE-2025-47695 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. | ||||
| CVE-2025-47571 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder. This issue affects Super Store Finder: from n/a through 6.9.7. | ||||
| CVE-2025-47437 | 2 Litespeed Technologies, Wordpress | 2 Litespeed Cache, Wordpress | 2025-09-11 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 7.0.1. | ||||
| CVE-2025-47570 | 2 Villatheme, Wordpress | 2 Woocommerce Photo Reviews, Wordpress | 2025-09-11 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews. This issue affects WooCommerce Photo Reviews: from n/a through 1.3.13. | ||||
| CVE-2025-49860 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in Majestic Support Majestic Support. This issue affects Majestic Support: from n/a through 1.1.0. | ||||
| CVE-2025-48101 | 2 Webdevstudios, Wordpress | 2 Constant Contact For Wordpress, Wordpress | 2025-09-11 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1. | ||||
| CVE-2025-53340 | 2 Getawesomesupport, Wordpress | 2 Awesome Support, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome Support: from n/a through 6.3.4. | ||||
| CVE-2025-47694 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. | ||||
| CVE-2025-47579 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2. | ||||
| CVE-2025-58989 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text Field For Contact Form 7: from n/a through 1.0. | ||||
| CVE-2025-58983 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2. | ||||
| CVE-2025-58978 | 2 Wordpress, Wpswings | 2 Wordpress, Pdf Generator For Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4. | ||||
| CVE-2025-58975 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1. | ||||
| CVE-2025-58984 | 2 Welcart, Wordpress | 2 E-commerce, Wordpress | 2025-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20. | ||||
| CVE-2025-58993 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2025-09-11 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4. | ||||
| CVE-2025-59005 | 2 Frenify, Wordpress | 2 Categorify, Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5. | ||||
| CVE-2025-54709 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. | ||||
| CVE-2025-58987 | 2 Antoineh, Wordpress | 2 Football Pool, Wordpress | 2025-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.6. | ||||
| CVE-2025-58976 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | ||||