Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 6844 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-30909 2 Conversios, Wordpress 2 Conversios.io, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3.
CVE-2025-30911 2 Rometheme, Wordpress 2 Romethemekit For Elementor, Wordpress 2025-07-12 9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4.
CVE-2025-30925 2 Webangon, Wordpress 2 The Pack Elementor Addons, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1.
CVE-2025-31002 2 Bogdan Bendziukov, Wordpress 2 Squeeze, Wordpress 2025-07-12 9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.
CVE-2025-31020 2 Webliberty, Wordpress 2 Simple Spoiler, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS. This issue affects Simple Spoiler: from n/a through 1.4.
CVE-2025-31075 2 Videowhisper, Wordpress 2 Micropayments, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS. This issue affects MicroPayments: from n/a through 2.9.29.
CVE-2025-31081 2 Shortpixel, Wordpress 2 Enable Media Replace, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Reflected XSS. This issue affects Enable Media Replace: from n/a through 4.1.5.
CVE-2025-31083 2 Wordpress, Zeen101 2 Wordpress, Leaky Paywall 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall allows Stored XSS. This issue affects Leaky Paywall: from n/a through 4.21.7.
CVE-2025-31088 2 Cozmoslabs, Wordpress 2 Paid Member Subscriptions, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3.
CVE-2025-31387 2 Instawp, Wordpress 2 Instawp Connect, Wordpress 2025-07-12 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82.
CVE-2025-31417 2 Fahad Mahmood, Wordpress 2 Wp Docs, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a.
CVE-2025-31552 2 Davidfcarr, Wordpress 2 Rsvpmarker, Wordpress 2025-07-12 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker : from n/a through 11.4.8.
CVE-2025-31613 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from n/a through 4.6.
CVE-2025-31619 2 Marcoingraiti, Wordpress 2 Actionwear Products Sync, Wordpress 2025-07-12 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3.
CVE-2025-31822 2 Ashish Ajani, Wordpress 2 Wp Simple Html Sitemap, Wordpress 2025-07-12 5.3 Medium
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2.
CVE-2025-31860 2 Wordpress, Wpeka 2 Wordpress, Wp Adcenter 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.5.9.
CVE-2025-31867 2 Joomsky, Wordpress 2 Js Job Manager, Wordpress 2025-07-12 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2025-31877 2 Magnigenie, Wordpress 2 Restropress, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4.
CVE-2025-31892 2 Themeum, Wordpress 2 Wp Crowdfunding, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.13.
CVE-2025-31895 2 Paulrosen, Wordpress 2 Abc Notation, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paulrosen ABC Notation allows Stored XSS. This issue affects ABC Notation: from n/a through 6.1.3.