Filtered by vendor Wordpress
Subscriptions
Total
13954 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40791 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. | ||||
| CVE-2026-40794 | 2 Mycred, Wordpress | 2 Mycred, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in myCred <= 3.0.3 versions. | ||||
| CVE-2026-42386 | 2 Tychesoftwares, Wordpress | 2 Order Delivery Date For Woocommerce, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions. | ||||
| CVE-2026-42639 | 2 Dev4press, Wordpress | 2 Gd Rating System, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions. | ||||
| CVE-2026-42658 | 2 Mamunur Rashid, Wordpress | 2 Classified Listing, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions. | ||||
| CVE-2026-42667 | 2 Bookly, Wordpress | 2 Bookly, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions. | ||||
| CVE-2026-42688 | 2 Wordpress, Wpchill | 2 Wordpress, Modula Image Gallery | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions. | ||||
| CVE-2026-42775 | 2 Automatorwp, Wordpress | 2 Automatorwp, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions. | ||||
| CVE-2026-34892 | 2 Rank Math Seo, Wordpress | 2 Rank Math Seo, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions. | ||||
| CVE-2026-39463 | 2 Managewp, Wordpress | 2 Managewp Worker, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions. | ||||
| CVE-2026-39474 | 2 Metaphorcreations, Wordpress | 2 Post Duplicator, Wordpress | 2026-06-16 | 8.8 High |
| Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions. | ||||
| CVE-2026-39512 | 2 Paolo, Wordpress | 2 Geodirectory, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. | ||||
| CVE-2026-49105 | 2 Crmperks, Wordpress | 2 Wp Zendesk For Contact Form 7, Wpforms, Elementor, Formidable And Ninja Forms, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | ||||
| CVE-2026-52693 | 2 Implecode, Wordpress | 2 Ecommerce Product Catalog, Wordpress | 2026-06-16 | 9.3 Critical |
| Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | ||||
| CVE-2026-40767 | 2 Tomdever, Wordpress | 2 Wpforo Forum, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions. | ||||
| CVE-2026-48965 | 2 Watchful, Wordpress | 2 Xcloner, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions. | ||||
| CVE-2026-49764 | 2 Metagauss, Wordpress | 2 Registrationmagic, Wordpress | 2026-06-16 | 9.8 Critical |
| Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | ||||
| CVE-2026-49773 | 2 Foliovision, Wordpress | 2 Fv Flowplayer Video Player, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. | ||||
| CVE-2019-25746 | 2 Slicedinvoices, Wordpress | 2 Sliced Invoices, Wordpress | 2026-06-16 | 7.1 High |
| WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicate_quote_invoice and malicious 'post' values to extract sensitive database information or modify data. | ||||
| CVE-2026-34902 | 2 Wcproducttable, Wordpress | 2 Woocommerce Product Table Lite, Wordpress | 2026-06-16 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions. | ||||