Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
12036 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14892 | 2 Prime Listing Manager, Wordpress | 2 Prime Listing Manager, Wordpress | 2026-04-27 | 9.8 Critical |
| The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret. | ||||
| CVE-2025-58922 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-04-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2. | ||||
| CVE-2025-69347 | 2 Convers Lab, Wordpress | 2 Wpsubscription, Wordpress | 2026-04-27 | 8.6 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10. | ||||
| CVE-2025-69097 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. | ||||
| CVE-2025-69039 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through <= 1.3.4. | ||||
| CVE-2025-69043 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy: from n/a through <= 1.1.3. | ||||
| CVE-2025-69042 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through <= 1.2.5. | ||||
| CVE-2025-69027 | 2 Tychesoftwares, Wordpress | 2 Product Delivery Date For Woocommerce Lite, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through <= 3.2.0. | ||||
| CVE-2025-69040 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres: from n/a through <= 1.2.1. | ||||
| CVE-2025-49994 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athens: from n/a through <= 1.1.6. | ||||
| CVE-2025-49949 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2. | ||||
| CVE-2025-49952 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2026-04-27 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.2.5. | ||||
| CVE-2025-49935 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through < 8.3.2. | ||||
| CVE-2025-49931 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10. | ||||
| CVE-2025-49926 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2026-04-27 | 7.2 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25. | ||||
| CVE-2025-49925 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2026-04-27 | 7.5 High |
| Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7. | ||||
| CVE-2025-49922 | 2 Etruel, Wordpress | 2 Wpematico Rss Feed Fetcher, Wordpress | 2026-04-27 | 4.3 Medium |
| Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3. | ||||
| CVE-2025-49921 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 3.0.0. | ||||
| CVE-2025-49398 | 2 Easy-appointments, Wordpress | 2 Easy Appointments, Wordpress | 2026-04-27 | 6.5 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14. | ||||
| CVE-2025-49394 | 2 Bplugins, Wordpress | 2 Image Gallery Block, Wordpress | 2026-04-27 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a through <= 1.0.7. | ||||