Filtered by vendor Wordpress Subscriptions
Total 13859 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-49778 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-54802 2 Cozyvision, Wordpress 2 Sms Alert Order Notifications, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-54811 2 Tipsandtricks-hq, Wordpress 2 Wp Emember, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
CVE-2025-69140 2 Seventhqueen, Wordpress 2 Sweet Date, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.
CVE-2026-54821 2 Bootstrapped, Wordpress 2 Visual Link Preview, Wordpress 2026-06-26 7.4 High
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
CVE-2026-54822 2 Salesmanago, Wordpress 2 Salesmanago, Wordpress 2026-06-26 8.5 High
Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.
CVE-2026-54828 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.
CVE-2026-54830 2 Etoile Web Design Incorporated, Wordpress 2 Five Star Restaurant Reservations, Wordpress 2026-06-26 7.5 High
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
CVE-2026-54849 2 Premmerce, Wordpress 2 Wishlist For Woocommerce, Wordpress 2026-06-26 9.3 Critical
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
CVE-2026-56053 2 Theeventprime, Wordpress 2 Eventprime, Wordpress 2026-06-26 8.8 High
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-56071 2 Wordpress, Wpmudev 2 Wordpress, Forminator Forms 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
CVE-2026-54848 2 Saad Iqbal, Wordpress 2 Apiexperts Square For Woocommerce, Wordpress 2026-06-26 8.3 High
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
CVE-2026-56006 2 H5p, Wordpress 2 H5p, Wordpress 2026-06-26 7.1 High
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
CVE-2026-56050 2 Themeisle, Wordpress 2 Ppom For Woocommerce, Wordpress 2026-06-26 6.5 Medium
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
CVE-2026-57619 2 Elementor, Wordpress 2 Elementor Website Builder, Wordpress 2026-06-25 6.5 Medium
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
CVE-2026-27366 2 Mainwp, Wordpress 2 Mainwp Child, Wordpress 2026-06-25 7.5 High
Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.
CVE-2026-54823 2 Marketingfire, Wordpress 2 Widget-options, Wordpress 2026-06-25 9.9 Critical
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
CVE-2026-56005 2 Melapress, Wordpress 2 Wp Activity Log, Wordpress 2026-06-25 7.1 High
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-54842 2 Royal Plugins, Wordpress 2 Royal Mcp, Wordpress 2026-06-25 8.1 High
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.
CVE-2026-56014 2 Averta, Wordpress 2 Master Slider, Wordpress 2026-06-25 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.