Filtered by vendor Wordpress
Subscriptions
Total
9450 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67954 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3. | ||||
| CVE-2025-68003 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10. | ||||
| CVE-2025-68004 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through <= 1.2.1.1. | ||||
| CVE-2025-63017 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes WerkStatt Plugin werkstatt-plugin allows PHP Local File Inclusion.This issue affects WerkStatt Plugin: from n/a through <= 1.6.6. | ||||
| CVE-2025-67957 | 2 Tangiblewp, Wordpress | 2 Listivo, Wordpress | 2026-01-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue affects Listivo Core: from n/a through <= 2.3.77. | ||||
| CVE-2025-67963 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through <= 1.1.5. | ||||
| CVE-2025-66142 | 2 Merkulove, Wordpress | 2 Comparimager For Elementor, Wordpress | 2026-01-23 | N/A |
| Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1. | ||||
| CVE-2025-68015 | 2 Vollstart, Wordpress | 2 Event Tickets With Ticket Scanner, Wordpress | 2026-01-23 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.8.3. | ||||
| CVE-2025-49049 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through <= 12.37. | ||||
| CVE-2025-50003 | 2 Axiomthemes, Wordpress | 2 Amuli, Wordpress | 2026-01-23 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Amuli amuli allows PHP Local File Inclusion.This issue affects Amuli: from n/a through <= 2.3.0. | ||||
| CVE-2025-68018 | 3 Ilmosys, Woocommerce, Wordpress | 3 Order Listener For Woocommerce, Woocommerce, Wordpress | 2026-01-23 | N/A |
| Missing Authorization vulnerability in ilmosys Order Listener for WooCommerce woc-order-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Listener for WooCommerce: from n/a through <= 3.6.1. | ||||
| CVE-2025-49066 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through <= 1.2. | ||||
| CVE-2025-67923 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2026-01-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7. | ||||
| CVE-2025-50005 | 2 Tagdiv, Wordpress | 2 Composer, Wordpress | 2026-01-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2. | ||||
| CVE-2025-62056 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event.This issue affects News Event: from n/a through <= 1.0.1. | ||||
| CVE-2025-66137 | 2 Merkulove, Wordpress | 2 Searcher For Elementor, Wordpress | 2026-01-23 | N/A |
| Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3. | ||||
| CVE-2025-68011 | 3 Gls, Woocommerce, Wordpress | 3 Shipping For Woocommerce, Woocommerce, Wordpress | 2026-01-23 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0. | ||||
| CVE-2025-50004 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-01-23 | N/A |
| Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1. | ||||
| CVE-2025-49055 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. | ||||
| CVE-2025-62754 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0. | ||||