Filtered by vendor Wordpress
Subscriptions
Total
6751 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62019 | 2 Wordpress, Wpzoom | 2 Wordpress, Recipe Card Blocks For Gutenberg & Elementor | 2025-10-24 | 6.5 Medium |
| Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8. | ||||
| CVE-2025-62015 | 3 Josh Kohlbach, Woocommerce, Wordpress | 4 Advanced Coupons For Woocommerce Coupons, Woocommerce, Woocommerce Smart Coupons and 1 more | 2025-10-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8. | ||||
| CVE-2025-62013 | 1 Wordpress | 1 Wordpress | 2025-10-24 | 4.3 Medium |
| Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through <= 4.0.0. | ||||
| CVE-2025-62009 | 1 Wordpress | 1 Wordpress | 2025-10-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2. | ||||
| CVE-2025-62008 | 3 Acowebs, Woocommerce, Wordpress | 3 Product Labels For Woocommerce, Woocommerce, Wordpress | 2025-10-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4. | ||||
| CVE-2025-62007 | 1 Wordpress | 1 Wordpress | 2025-10-24 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through <= 1.0.3. | ||||
| CVE-2025-62006 | 2 Veronalabs, Wordpress | 2 Wp Sms, Wordpress | 2025-10-24 | 5.4 Medium |
| Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1. | ||||
| CVE-2025-62005 | 3 Fantasticplugins, Woocommerce, Wordpress | 3 Sumomemberships, Woocommerce, Wordpress | 2025-10-24 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0. | ||||
| CVE-2025-60238 | 1 Wordpress | 1 Wordpress | 2025-10-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34. | ||||
| CVE-2025-60234 | 1 Wordpress | 1 Wordpress | 2025-10-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8. | ||||
| CVE-2025-60232 | 1 Wordpress | 1 Wordpress | 2025-10-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5. | ||||
| CVE-2025-60217 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a through <= 1.2.2. | ||||
| CVE-2025-52740 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through <= 2.4.0. | ||||
| CVE-2025-60227 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2025-10-23 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.3. | ||||
| CVE-2025-60226 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through <= 1.5.2. | ||||
| CVE-2025-53218 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 5.8 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.5. | ||||
| CVE-2025-52757 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 6.3 Medium |
| Missing Authorization vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0. | ||||
| CVE-2025-52738 | 2 Mediawiki, Wordpress | 2 Wikipedia Preview, Wordpress | 2025-10-23 | 6.5 Medium |
| Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0. | ||||
| CVE-2025-52736 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through <= 2.20.0. | ||||
| CVE-2025-52735 | 2 Wordpress, Xlplugins | 2 Wordpress, Nextmove | 2025-10-23 | 7.3 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0. | ||||