Filtered by vendor Wordpress Subscriptions
Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 13486 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-69103 2 Utillz, Wordpress 2 Brikk, Wordpress 2026-06-23 7.5 High
Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions.
CVE-2025-69104 2 Jkdevstudio, Wordpress 2 Qreatix, Wordpress 2026-06-23 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4 versions.
CVE-2025-69107 2 Themerex, Wordpress 2 Rosaleen, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.
CVE-2025-69108 2 Themerex, Wordpress 2 Hot Coffee, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in Hot Coffee <= 1.7 versions.
CVE-2025-69109 2 Themerex, Wordpress 2 Raider Spirit, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.
CVE-2025-69119 2 Themerex, Wordpress 2 Corbesier, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
CVE-2025-69121 2 Themerex, Wordpress 2 Deliciosa, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
CVE-2025-69122 2 Themerex, Wordpress 2 Seafood Company, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
CVE-2025-69125 2 Themerex, Wordpress 2 Food Drop, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Food Drop <= 1.3 versions.
CVE-2025-69131 2 Extendons, Wordpress 2 Wordpress & Woocommerce Scraper Plugin, Import Data From Any Site, Wordpress 2026-06-23 7.5 High
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
CVE-2025-69136 2 Themelogi, Wordpress 2 Wanium, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Wanium <= 1.9.8 versions.
CVE-2025-69137 2 Jthemes, Wordpress 2 Genemy, Wordpress 2026-06-23 6.5 Medium
Subscriber Broken Access Control in Genemy <= 1.6.6 versions.
CVE-2025-69141 2 Themerex, Wordpress 2 Kelly Young, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0 versions.
CVE-2025-69149 2 Themerex, Wordpress 2 Top Dog, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Top Dog <= 1.0.5 versions.
CVE-2025-69177 2 Themelogi, Wordpress 2 Roneous, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
CVE-2025-69178 2 Cactusthemes, Wordpress 2 Truemag, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.
CVE-2026-27429 2 Boldthemes, Wordpress 2 Nifty, Wordpress 2026-06-23 9.8 Critical
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
CVE-2026-34893 2 Webgeniuslab, Wordpress 2 Thegov Core, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
CVE-2026-34894 2 Webgeniuslab, Wordpress 2 Integrio Core, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
CVE-2026-11989 2 Bitpressadmin, Wordpress 2 Bit Integrations – Form Integration, Webhook, Spreadsheets, Crm, Lms & Email Automation, Wordpress 2026-06-23 6.5 Medium
The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the upload_attachment. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires a form integration to be configured with a field mapped to a WooCommerce product image, product gallery, downloadable files, or Google Contacts attachment field, which is a default use case for these integrations.