Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 9452 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-22462 1 Wordpress 1 Wordpress 2026-01-23 N/A
Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5.
CVE-2025-69292 2 E-plugins, Wordpress 2 Wp Membership, Wordpress 2026-01-23 N/A
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2026-22426 1 Wordpress 1 Wordpress 2026-01-23 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.
CVE-2025-69321 2 Themegoods, Wordpress 2 Grand Spa, Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through <= 3.5.5.
CVE-2026-22464 2 Wordpress, Wphocus 2 Wordpress, My Auctions Allegro 2026-01-23 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through <= 3.6.33.
CVE-2025-69184 2 E-plugins, Wordpress 2 Institutions Directory, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.
CVE-2025-69315 2 Nsquared, Wordpress 2 Simply Schedule Appointments, Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.
CVE-2025-69191 1 Wordpress 1 Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.
CVE-2026-22406 2 Mikado-themes, Wordpress 2 Overton, Wordpress 2026-01-23 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.
CVE-2026-22353 1 Wordpress 1 Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through <= 9.0.12.
CVE-2026-23975 2 Uxper, Wordpress 2 Golo, Wordpress 2026-01-23 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.
CVE-2025-69314 1 Wordpress 1 Wordpress 2026-01-23 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through < 4.8.3.
CVE-2026-22355 2 Gregmolnar, Wordpress 2 Simple Xml Sitemap, Wordpress 2026-01-23 N/A
Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.
CVE-2025-69320 1 Wordpress 1 Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS.This issue affects Grand Magazine: from n/a through <= 3.5.7.
CVE-2026-22470 2 Firestorm Plugins, Wordpress 2 Firestorm Professional Real Estate, Wordpress 2026-01-23 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through <= 2.7.11.
CVE-2026-22447 1 Wordpress 1 Wordpress 2026-01-23 N/A
Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1.
CVE-2025-69318 1 Wordpress 1 Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS.This issue affects JobWP: from n/a through <= 2.4.5.
CVE-2026-22463 2 Micro.company, Wordpress 2 Form To Chat App, Wordpress 2026-01-23 N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5.
CVE-2026-22409 2 Mikado-themes, Wordpress 2 Justicia, Wordpress 2026-01-23 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.
CVE-2026-22398 2 Mikado-themes, Wordpress 2 Fleur, Wordpress 2026-01-23 N/A
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.