Filtered by vendor Wordpress
Subscriptions
Total
13947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49106 | 2 Crmperks, Wordpress | 2 Integration For Contact Form 7 And Constant Contact, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. | ||||
| CVE-2026-49765 | 2 Crm Perks, Wordpress | 2 Integration For Mailchimp And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. | ||||
| CVE-2026-39581 | 2 Activity-log.com, Wordpress | 2 Wp Sessions Time Monitoring Full Automatic, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions. | ||||
| CVE-2026-39480 | 2 Inisev, Wordpress | 2 Backup Migration, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions. | ||||
| CVE-2026-48880 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions. | ||||
| CVE-2026-49085 | 2 Crmperks, Wordpress | 2 Wp Insightly For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | ||||
| CVE-2026-49781 | 2 Brainstorm Force, Wordpress | 2 Ottokit, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | ||||
| CVE-2026-48867 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions. | ||||
| CVE-2026-48885 | 2 Groundhogg, Wordpress | 2 Hollerbox, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. | ||||
| CVE-2026-39472 | 2 Wordpress, Wpovernight | 2 Wordpress, Woocommerce Pdf Invoices\& Packing Slips | 2026-06-16 | 7.2 High |
| Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions. | ||||
| CVE-2026-40762 | 2 Wordpress, Wpgraphql | 2 Wordpress, Wpgraphql | 2026-06-16 | 7.5 High |
| Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions. | ||||
| CVE-2026-40790 | 2 Veronalabs, Wordpress | 2 Wp Sms, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions. | ||||
| CVE-2026-42651 | 2 Mamunur Rashid, Wordpress | 2 Classified Listing, Wordpress | 2026-06-16 | 6.3 Medium |
| Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions. | ||||
| CVE-2026-48882 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2026-06-16 | 8.5 High |
| Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. | ||||
| CVE-2026-49056 | 2 Webtoffee, Wordpress | 2 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. | ||||
| CVE-2026-49068 | 2 Relywp, Wordpress | 2 Coupon Affiliates, Wordpress | 2026-06-16 | 7.5 High |
| Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. | ||||
| CVE-2026-49083 | 2 Latepoint, Wordpress | 2 Latepoint, Wordpress | 2026-06-16 | 7.5 High |
| Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. | ||||
| CVE-2026-5149 | 2 Rometheme, Wordpress | 2 Rtmkit, Wordpress | 2026-06-16 | 6.5 Medium |
| The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submission_content AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it possible for authenticated attackers, with Contributor-level access and above, to view arbitrary form submissions from other users by iterating the entries_id parameter. | ||||
| CVE-2016-20075 | 2 Etoilewebdesign, Wordpress | 2 Ultimate Product Catalog, Wordpress | 2026-06-16 | 8.8 High |
| WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server. | ||||
| CVE-2026-40793 | 2 Groundhogg, Wordpress | 2 Groundhogg, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Groundhogg < 4.4.1 versions. | ||||