Filtered by vendor Wordpress
Subscriptions
Total
13859 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49778 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | ||||
| CVE-2026-54802 | 2 Cozyvision, Wordpress | 2 Sms Alert Order Notifications, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. | ||||
| CVE-2026-54811 | 2 Tipsandtricks-hq, Wordpress | 2 Wp Emember, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | ||||
| CVE-2025-69140 | 2 Seventhqueen, Wordpress | 2 Sweet Date, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions. | ||||
| CVE-2026-54821 | 2 Bootstrapped, Wordpress | 2 Visual Link Preview, Wordpress | 2026-06-26 | 7.4 High |
| Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. | ||||
| CVE-2026-54822 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions. | ||||
| CVE-2026-54828 | 2 Stylemix, Wordpress | 2 Motors, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. | ||||
| CVE-2026-54830 | 2 Etoile Web Design Incorporated, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions. | ||||
| CVE-2026-54849 | 2 Premmerce, Wordpress | 2 Wishlist For Woocommerce, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. | ||||
| CVE-2026-56053 | 2 Theeventprime, Wordpress | 2 Eventprime, Wordpress | 2026-06-26 | 8.8 High |
| Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. | ||||
| CVE-2026-56071 | 2 Wordpress, Wpmudev | 2 Wordpress, Forminator Forms | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions. | ||||
| CVE-2026-54848 | 2 Saad Iqbal, Wordpress | 2 Apiexperts Square For Woocommerce, Wordpress | 2026-06-26 | 8.3 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3. | ||||
| CVE-2026-56006 | 2 H5p, Wordpress | 2 H5p, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions. | ||||
| CVE-2026-56050 | 2 Themeisle, Wordpress | 2 Ppom For Woocommerce, Wordpress | 2026-06-26 | 6.5 Medium |
| Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18. | ||||
| CVE-2026-57619 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-06-25 | 6.5 Medium |
| Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions. | ||||
| CVE-2026-27366 | 2 Mainwp, Wordpress | 2 Mainwp Child, Wordpress | 2026-06-25 | 7.5 High |
| Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions. | ||||
| CVE-2026-54823 | 2 Marketingfire, Wordpress | 2 Widget-options, Wordpress | 2026-06-25 | 9.9 Critical |
| Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. | ||||
| CVE-2026-56005 | 2 Melapress, Wordpress | 2 Wp Activity Log, Wordpress | 2026-06-25 | 7.1 High |
| Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions. | ||||
| CVE-2026-54842 | 2 Royal Plugins, Wordpress | 2 Royal Mcp, Wordpress | 2026-06-25 | 8.1 High |
| Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. | ||||
| CVE-2026-56014 | 2 Averta, Wordpress | 2 Master Slider, Wordpress | 2026-06-25 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions. | ||||