Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
13486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-52692 | 2 Wordpress, Wp.insider | 2 Wordpress, Affiliates Manager | 2026-06-23 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | ||||
| CVE-2026-52694 | 2 Wordpress, Wp E-signature | 2 Wordpress, Signature Add-on For Woocommerce | 2026-06-23 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | ||||
| CVE-2026-52695 | 2 Al Monsor, Wordpress | 2 Abc Crypto Checkout, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | ||||
| CVE-2026-52700 | 2 Wcmultishipping – Mondial Relay & Chronopost For Wooommerce, Wordpress | 2 Wcmultishipping, Wordpress | 2026-06-23 | 8.5 High |
| Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions. | ||||
| CVE-2026-52702 | 2 Wordpress, Wp-buy | 2 Wordpress, Seo Redirection | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions. | ||||
| CVE-2026-10780 | 2 Mohammadtanzilurrahman, Wordpress | 2 Static Block, Wordpress | 2026-06-23 | 4.3 Medium |
| The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to the static_block_content() shortcode handler retrieving a post via get_post() using an attacker-supplied 'id' attribute and outputting its post_content without verifying the post's status (private, draft, pending) or the requesting user's capability to view it. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary posts, including private and draft static blocks (and any other post type) created by administrators, by embedding the [static_block_content id="X"] shortcode in their own content and previewing it. | ||||
| CVE-2026-10093 | 2 Deepakkite, Wordpress | 2 Secure Client Portal And Private File Sharing Plugin – User Private Files, Wordpress | 2026-06-23 | 6.4 Medium |
| The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-68045 | 2 Arraytics, Wordpress | 2 Wp Event Solution, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. | ||||
| CVE-2026-39437 | 2 Wordpress, Wpfactory | 2 Wordpress, Min Max Step Quantity Limits Manager For Woocommerce | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions. | ||||
| CVE-2026-39574 | 2 Realmag777, Wordpress | 2 Inpost Gallery, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. | ||||
| CVE-2026-52711 | 2 Kilbot, Wordpress | 2 Woocommerce Pos, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions. | ||||
| CVE-2026-52715 | 2 Eyal Fitoussi, Wordpress | 2 Geo My Wordpress, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions. | ||||
| CVE-2026-54190 | 2 Awesomemotive, Wordpress | 2 Envira Photo Gallery, Wordpress | 2026-06-23 | 6.5 Medium |
| Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | ||||
| CVE-2026-54191 | 2 Pods Framework, Wordpress | 2 Pods, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions. | ||||
| CVE-2026-54197 | 2 Wordpress, Wpmet | 2 Wordpress, Getgenie | 2026-06-23 | 6.5 Medium |
| Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions. | ||||
| CVE-2026-49774 | 2 Filipe Nasc, Wordpress | 2 Rd Station, Wordpress | 2026-06-23 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0. | ||||
| CVE-2026-40809 | 2 Rara Themes, Wordpress | 2 Metro Magazine, Wordpress | 2026-06-23 | 6.5 Medium |
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1. | ||||
| CVE-2026-40750 | 2 Themagnifico52, Wordpress | 2 Kids Online Store, Wordpress | 2026-06-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9. | ||||
| CVE-2025-58924 | 2 Themerex Group, Wordpress | 2 Geya, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Geya <= 1.15 versions. | ||||
| CVE-2025-60085 | 2 Themerex Group, Wordpress | 2 Learnify, Wordpress | 2026-06-23 | 8.1 High |
| Unauthenticated Local File Inclusion in Learnify <= 1.15.0 versions. | ||||