Filtered by vendor Wordpress
Subscriptions
Total
7950 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62151 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2025-12-11 | 8.8 High |
| Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through <= 3.6.3. | ||||
| CVE-2025-62109 | 2 Infinitumform, Wordpress | 2 Geo Controller, Wordpress | 2025-12-11 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through <= 8.9.4. | ||||
| CVE-2025-59132 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones Duplicate Content Cure duplicate-content-cure allows Cross Site Request Forgery.This issue affects Duplicate Content Cure: from n/a through <= 1.0. | ||||
| CVE-2025-62739 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery.This issue affects Add Custom Codes: from n/a through <= 4.80. | ||||
| CVE-2025-12782 | 2 Fastlinemedia, Wordpress | 2 Beaver Builder, Wordpress | 2025-12-11 | 4.3 Medium |
| The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable() function. This makes it possible for authenticated attackers, with contributor level access and above, to disable the Beaver Builder layout on arbitrary posts and pages, causing content integrity issues and layout disruption on those pages. | ||||
| CVE-2025-12558 | 2 Fastlinemedia, Wordpress | 2 Beaver Builder, Wordpress | 2025-12-11 | 4.3 Medium |
| The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'get_attachment_sizes' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the path and meta data of private attachments, which can be used to view the attachments. | ||||
| CVE-2025-13071 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 7.1 High |
| The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-13070 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 6.6 Medium |
| The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks. | ||||
| CVE-2025-62102 | 2 Apasionados, Wordpress | 2 Dofollow Case By Case, Wordpress | 2025-12-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1. | ||||
| CVE-2025-62100 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 5.3 Medium |
| Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9. | ||||
| CVE-2025-62090 | 2 Jegstudio, Wordpress | 3 Gutenverse, Gutenverse News, Wordpress | 2025-12-11 | 6.5 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons: from n/a through <= 3.0.2. | ||||
| CVE-2025-62086 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 5.4 Medium |
| Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxberry): from n/a through <= 2.32. | ||||
| CVE-2025-62085 | 2 Bertha, Wordpress | 2 Bertha Ai, Wordpress | 2025-12-11 | 5.3 Medium |
| Missing Authorization vulnerability in berthaai BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13. | ||||
| CVE-2025-67549 | 2 Bobbingwide, Wordpress | 2 Oik, Wordpress | 2025-12-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3. | ||||
| CVE-2025-63028 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 5.3 Medium |
| Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6. | ||||
| CVE-2025-63015 | 3 Paysera, Woocommerce, Wordpress | 3 Woocommerce Payment Gateway, Woocommerce, Wordpress | 2025-12-11 | 4.3 Medium |
| Missing Authorization vulnerability in paysera WooCommerce Payment Gateway – Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway – Paysera: from n/a through <= 3.9.0. | ||||
| CVE-2025-63007 | 2 Metagauss, Wordpress | 2 Eventprime, Wordpress | 2025-12-11 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1. | ||||
| CVE-2025-62103 | 2 Wordpress, Wpmediadownload | 2 Wordpress, Media Library File Download | 2025-12-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery.This issue affects Media Library File Download: from n/a through <= 1.4. | ||||
| CVE-2025-67571 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2025-12-10 | 5.3 Medium |
| Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2. | ||||
| CVE-2025-67570 | 2 Westerndeal, Wordpress | 2 Wpforms Google Sheet Connector, Wordpress | 2025-12-10 | 5.3 Medium |
| Missing Authorization vulnerability in GSheetConnector by WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0. | ||||