Filtered by vendor Wordpress
Filtered by product Wordpress
Total: 13446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39523 | 2 Elated-themes, Wordpress | 2 Solene Core, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions. | ||||
| CVE-2026-39556 | 2 Elated-themes, Wordpress | 2 Konsept, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Konsept <= 1.9 versions. | ||||
| CVE-2026-39560 | 2 Select-themes, Wordpress | 2 Hiroshi, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions. | ||||
| CVE-2026-39576 | 2 Elated-themes, Wordpress | 2 Singlemalt, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. | ||||
| CVE-2026-39590 | 2 Thememove, Wordpress | 2 Atomlab, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions. | ||||
| CVE-2026-40733 | 2 Mikado-themes, Wordpress | 2 Shiftup, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions. | ||||
| CVE-2026-40756 | 2 Mikado-themes, Wordpress | 2 Zoya, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. | ||||
| CVE-2026-40757 | 2 Mikado-themes, Wordpress | 2 Château, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Château <= 1.2.1 versions. | ||||
| CVE-2026-52707 | 2 Mikado-themes, Wordpress | 2 Kastell, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. | ||||
| CVE-2026-54813 | 2 Brainstorm Force, Wordpress | 2 Suredash, Wordpress | 2026-06-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a through 1.8.0. | ||||
| CVE-2026-5305 | 3 Email Encoder, Simple Mail Address Encoder Project, Wordpress | 3 Email Encoder, Simple Mail Address Encoder, Wordpress | 2026-06-26 | 8.8 High |
| The Email Address Encoder WordPress plugin before 1.0.25 and the email-encoder-premium WordPress plugin before 0.3.12 do not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks. | ||||
| CVE-2026-9702 | 2 Inpost Pl, Wordpress | 2 Inpost Pl, Wordpress | 2026-06-26 | 7.5 High |
| The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or processing order on the site. | ||||
| CVE-2026-12937 | 2 Themefic, Wordpress | 2 Tourfic – Ai Powered Travel Booking, Hotel Booking & Car Rental Wordpress Plugin, Wordpress | 2026-06-26 | 7.5 High |
| The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler is registered for unauthenticated users via wp_ajax_nopriv_tf_room_availability, and the required nonce is emitted on the public single-hotel page template, allowing unauthenticated attackers to freely obtain a valid nonce and reach the vulnerable code path. | ||||
| CVE-2026-54838 | 2 Rymera Web Co, Wordpress | 2 Wc Vendors Marketplace, Wordpress | 2026-06-26 | 8.5 High |
| Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | ||||
| CVE-2026-54843 | 2 Pluginus.net, Wordpress | 2 Mdtf, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | ||||
| CVE-2026-54844 | 2 Checkview, Wordpress | 2 Checkview Automated Testing, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions. | ||||
| CVE-2026-54845 | 2 Pluginus.net, Wordpress | 2 Mdtf, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. | ||||
| CVE-2026-56013 | 2 Mycred, Wordpress | 2 License Manager For Woocommerce, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions. | ||||
| CVE-2026-57429 | 2 Elightup, Wordpress | 2 Slim Seo, Wordpress | 2026-06-26 | 6.5 Medium |
| Contributor Broken Access Control in Slim SEO <= 4.6.2 versions. | ||||
| CVE-2026-54836 | 2 Wordpress, Ymc | 2 Wordpress, Ymc Filter | 2026-06-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. | ||||