Wordpress - Wordpress CVE

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Total 5543 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53334	2 Tielabs, Wordpress	2 Jannah, Wordpress	2025-08-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through 7.4.1.
CVE-2025-53572	2 Emarketdesign, Wordpress	2 Wp Easy Contact, Wordpress	2025-08-29	8.1 High
Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact allows Object Injection. This issue affects WP Easy Contact: from n/a through 4.0.1.
CVE-2025-54742	1 Wordpress	1 Wordpress	2025-08-29	8.8 High
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8.
CVE-2025-53578	1 Wordpress	1 Wordpress	2025-08-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kipso allows PHP Local File Inclusion. This issue affects Kipso: from n/a through 1.3.4.
CVE-2025-53583	1 Wordpress	1 Wordpress	2025-08-29	8.1 High
Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through 5.1.1.
CVE-2025-53337	1 Wordpress	1 Wordpress	2025-08-29	5.4 Medium
Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3.
CVE-2025-49407	2 Favethemes, Wordpress	2 Houzez, Wordpress	2025-08-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.
CVE-2025-49388	1 Wordpress	1 Wordpress	2025-08-29	9.8 Critical
Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through 2.0.7.
CVE-2025-53216	1 Wordpress	1 Wordpress	2025-08-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeUniver Glamer allows PHP Local File Inclusion. This issue affects Glamer: from n/a through 1.0.2.
CVE-2025-53588	1 Wordpress	1 Wordpress	2025-08-29	7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.
CVE-2025-53230	2 Elementor, Wordpress	2 Elementor, Wordpress	2025-08-29	7.6 High
Missing Authorization vulnerability in honzat Page Manager for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Manager for Elementor: from n/a through 2.0.5.
CVE-2025-53248	1 Wordpress	1 Wordpress	2025-08-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine allows PHP Local File Inclusion. This issue affects Magazine: from n/a through 1.2.2.
CVE-2025-53227	1 Wordpress	1 Wordpress	2025-08-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Saga allows PHP Local File Inclusion. This issue affects Magazine Saga: from n/a through 1.2.7.
CVE-2025-53244	1 Wordpress	1 Wordpress	2025-08-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Elite allows PHP Local File Inclusion. This issue affects Magazine Elite: from n/a through 1.2.4.
CVE-2025-58205	2 Elementinvader, Wordpress	2 Elementinvader Addons For Elementor, Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.6.
CVE-2025-48322	1 Wordpress	1 Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Finn Dohrn Statify Widget allows Stored XSS. This issue affects Statify Widget: from n/a through 1.4.6.
CVE-2025-48305	1 Wordpress	1 Wordpress	2025-08-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6.
CVE-2025-58211	2 Alexvtn, Wordpress	2 Chatbox Manager, Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6.
CVE-2025-58203	2 Solacewp, Wordpress	2 Solace Extra, Wordpress	2025-08-29	4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2.
CVE-2025-48343	1 Wordpress	1 Wordpress	2025-08-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through 5.0.1.

« first previous Page 18 of 278. next last »