Filtered by vendor Wordpress
Subscriptions
Total
8338 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59579 | 2 Presstigers, Wordpress | 2 Simple Job Board, Wordpress | 2025-11-13 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7. | ||||
| CVE-2025-59578 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 5.8 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through <= 4.5.6. | ||||
| CVE-2025-59575 | 2 Stylemixthemes, Wordpress | 2 Masterstudy Lms, Wordpress | 2025-11-13 | 5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | ||||
| CVE-2025-59566 | 2 Amentotech, Wordpress | 2 Workreap, Wordpress | 2025-11-13 | 7.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows Path Traversal.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.5. | ||||
| CVE-2025-59564 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through < 4.4.5. | ||||
| CVE-2025-59558 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6. | ||||
| CVE-2025-59557 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through < 1.7.5. | ||||
| CVE-2025-59555 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion.This issue affects Medizin: from n/a through < 1.9.7. | ||||
| CVE-2025-59550 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Xcare xcare allows PHP Local File Inclusion.This issue affects Xcare: from n/a through < 6.5. | ||||
| CVE-2025-59007 | 3 Elementor, Themesflat, Wordpress | 3 Elementor, Tf Woo Product Grid Addon For Elementor, Wordpress | 2025-11-13 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through <= 1.0.1. | ||||
| CVE-2025-59006 | 3 Themebon, Woocommerce, Wordpress | 3 Easy Woocommerce Customizer, Woocommerce, Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS.This issue affects Easy Woocommerce Customizer: from n/a through <= 1.0.2. | ||||
| CVE-2025-58966 | 2 Basixonline, Wordpress | 2 Nex-forms, Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS.This issue affects NEX-Forms LITE: from n/a through < 8.2. | ||||
| CVE-2025-58955 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allows PHP Local File Inclusion.This issue affects Karzo: from n/a through < 2.6. | ||||
| CVE-2025-58939 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through <= 7.5. | ||||
| CVE-2025-58921 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Tactical Popup wp-tactical-popup allows Reflected XSS.This issue affects WP Tactical Popup: from n/a through <= 1.1. | ||||
| CVE-2025-58916 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Munzir Author: Munzir myshouts-shoutbox allows Reflected XSS.This issue affects Author: Munzir: from n/a through <= 0.9. | ||||
| CVE-2025-58619 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65. | ||||
| CVE-2025-58595 | 2 Saad Iqbal, Wordpress | 2 All In One Login, Wordpress | 2025-11-13 | 9.1 Critical |
| Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8. | ||||
| CVE-2025-58592 | 2 Cozmoslabs, Wordpress | 2 Translatepress, Wordpress | 2025-11-13 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2. | ||||
| CVE-2025-58243 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 5.3 Medium |
| Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through <= 3.4.0. | ||||