Filtered by vendor Wordpress Subscriptions
Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 9090 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-62873 2 Flashyapp, Wordpress 2 Wp Flashy Marketing Automation, Wordpress 2026-01-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Flashyapp WP Flashy Marketing Automation wp-flashy-marketing-automation allows Cross Site Request Forgery.This issue affects WP Flashy Marketing Automation: from n/a through <= 2.0.8.
CVE-2025-62872 1 Wordpress 1 Wordpress 2026-01-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in JK Social Photo Fetcher facebook-photo-fetcher allows Cross Site Request Forgery.This issue affects Social Photo Fetcher: from n/a through <= 3.0.4.
CVE-2025-62871 1 Wordpress 1 Wordpress 2026-01-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just TinyMCE Custom Styles just-tinymce-styles allows Cross Site Request Forgery.This issue affects Just TinyMCE Custom Styles: from n/a through <= 1.2.1.
CVE-2025-62870 3 Eupago, Woocommerce, Wordpress 3 Eupago Gateway Woocommerce, Woocommerce, Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.6.3.
CVE-2025-62869 2 Gravitec.net, Wordpress 2 Web Push Notifications, Wordpress 2026-01-20 4.3 Medium
Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net &#8211; Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gravitec.net &#8211; Web Push Notifications: from n/a through <= 2.9.17.
CVE-2025-62868 2 Edge-themes, Wordpress 2 Edge Cpt, Wordpress 2026-01-20 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4.
CVE-2025-62867 1 Wordpress 1 Wordpress 2026-01-20 4.3 Medium
Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ergonet Cache: from n/a through <= 1.0.11.
CVE-2025-62866 1 Wordpress 1 Wordpress 2026-01-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Valerio Monti Auto Alt Text auto-alt-text allows Cross Site Request Forgery.This issue affects Auto Alt Text: from n/a through <= 2.5.2.
CVE-2025-62865 1 Wordpress 1 Wordpress 2026-01-20 5.3 Medium
Missing Authorization vulnerability in Evan Herman Post Cloner post-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Cloner: from n/a through <= 1.0.0.
CVE-2025-62762 2 Photoboxone, Wordpress 2 Smtp Mail, Wordpress 2026-01-20 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Mail smtp-mail allows Cross Site Request Forgery.This issue affects SMTP Mail: from n/a through <= 1.3.47.
CVE-2025-62761 2 Basepress, Wordpress 2 Knowledge Base Documentation & Wiki Plugin, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.17.0.1.
CVE-2025-62760 2 Buddypress, Wordpress 2 Buddypress, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8.
CVE-2025-62759 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series allows Stored XSS.This issue affects Series: from n/a through 2.0.1.
CVE-2025-62758 2 Funnelforms, Wordpress 2 Funnelforms Free, Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8.
CVE-2025-62757 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through 1.5.12.
CVE-2025-62756 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lvaudore The Moneytizer allows DOM-Based XSS.This issue affects The Moneytizer: from n/a through 10.0.6.
CVE-2025-62755 2 Gsplugins, Wordpress 2 Gs Portfolio For Envato, Wordpress 2026-01-20 5.3 Medium
Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.
CVE-2025-62753 1 Wordpress 1 Wordpress 2026-01-20 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through 1.3.2.
CVE-2025-62752 1 Wordpress 1 Wordpress 2026-01-20 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kalender.Digital Calendar.Online / Kalender.Digital allows DOM-Based XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.11.
CVE-2025-62751 2 Extendthemes, Wordpress 2 Vireo, Wordpress 2026-01-20 4.3 Medium
Missing Authorization vulnerability in Extend Themes Vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through 1.0.24.