Total
323352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60052 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes W&D wd allows PHP Local File Inclusion.This issue affects W&D: from n/a through <= 1.0. | ||||
| CVE-2025-64295 | 2 Syed Balkhi, Wordpress | 2 All In One Seo Pack, Wordpress | 2025-12-19 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through <= 4.8.6.1. | ||||
| CVE-2025-60066 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Katelyn katelyn allows PHP Local File Inclusion.This issue affects Katelyn: from n/a through <= 1.0.10. | ||||
| CVE-2025-60091 | 2 Crm Perks, Wordpress | 2 Wp Gravity Forms Zoho Crm And Bigin, Wordpress | 2025-12-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9. | ||||
| CVE-2025-64205 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2025-12-19 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.0. | ||||
| CVE-2025-60064 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Renewal renewal allows PHP Local File Inclusion.This issue affects Renewal: from n/a through <= 1.2.2. | ||||
| CVE-2025-58934 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes The Gig thegig allows PHP Local File Inclusion.This issue affects The Gig: from n/a through <= 1.18.0. | ||||
| CVE-2025-60057 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes DJ Rainflow dj-rainflow allows PHP Local File Inclusion.This issue affects DJ Rainflow: from n/a through <= 1.3.13. | ||||
| CVE-2025-60078 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier Task Manager task-manager allows PHP Local File Inclusion.This issue affects Task Manager: from n/a through <= 3.0.2. | ||||
| CVE-2025-60067 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Giardino giardino allows PHP Local File Inclusion.This issue affects Giardino: from n/a through <= 1.1.10. | ||||
| CVE-2025-60089 | 2 Crm Perks, Wordpress | 2 Wp Gravity Forms Freshdesk Plugin, Wordpress | 2025-12-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5. | ||||
| CVE-2025-64207 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2025-12-19 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through <= 7.6.0. | ||||
| CVE-2025-64231 | 2 Redefiningtheweb, Wordpress | 2 Wordpress Contact Form 7 Pdf Google Sheet Database, Wordpress | 2025-12-19 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database rtwwcfp-wordpress-contact-form-7-pdf allows Using Malicious Files.This issue affects WordPress Contact Form 7 PDF, Google Sheet & Database: from n/a through <= 3.0.0. | ||||
| CVE-2025-60174 | 2 Crm Perks, Wordpress | 2 Wp Gravity Forms Constant Contact Plugin, Wordpress | 2025-12-19 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2. | ||||
| CVE-2025-66068 | 2 Instawp, Wordpress | 2 Instawp Connect, Wordpress | 2025-12-19 | 6.5 Medium |
| Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9. | ||||
| CVE-2025-66074 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8. | ||||
| CVE-2025-66102 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 7.5 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7. | ||||
| CVE-2025-14364 | 2 Kraftplugins, Wordpress | 2 Demo Importer Plus, Wordpress | 2025-12-19 | 8.8 High |
| The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handle_request() function in all versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a full site reset, dropping all database tables except users/usermeta and re-running wp_install(), which also assigns the Administrator role to the attacking subscriber account. | ||||
| CVE-2025-13730 | 2 Daggerhartlab, Wordpress | 2 Openid Connect Generic Client, Wordpress | 2025-12-19 | 6.4 Medium |
| The OpenID Connect Generic Client plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'openid_connect_generic_auth_url' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-66088 | 2 Propertyhive, Wordpress | 2 Propertyhive, Wordpress | 2025-12-19 | 7.5 High |
| Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12. | ||||