Filtered by vendor Wordpress
Subscriptions
Total
10428 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62754 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 9.1 Critical |
| Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0. | ||||
| CVE-2025-62741 | 2 Smartdatasoft, Wordpress | 2 Pool Services, Wordpress | 2026-01-26 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3. | ||||
| CVE-2025-62106 | 2 Mario Peshev, Wordpress | 2 Wp-crm-system, Wordpress | 2026-01-26 | 8.8 High |
| Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5. | ||||
| CVE-2025-5805 | 2 Ninetheme, Wordpress | 2 Electron, Wordpress | 2026-01-26 | 8.8 High |
| Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2. | ||||
| CVE-2025-54003 | 2 Mikado-themes, Wordpress | 2 Depot, Wordpress | 2026-01-26 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16. | ||||
| CVE-2025-54002 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 8.8 High |
| Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4. | ||||
| CVE-2025-53240 | 2 Adamlabs, Wordpress | 2 Wordpress Photo Gallery, Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through <= 1.1.0. | ||||
| CVE-2025-52762 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS.This issue affects flexo-posts-manager: from n/a through <= 1.0001. | ||||
| CVE-2025-52746 | 2 Ayecode, Wordpress | 2 Restaurante, Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ayecode Restaurante restaurante allows Reflected XSS.This issue affects Restaurante: from n/a through <= 3.0.7. | ||||
| CVE-2025-50007 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4. | ||||
| CVE-2025-50006 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through <= 1.2.9.4. | ||||
| CVE-2025-50005 | 2 Tagdiv, Wordpress | 2 Composer, Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2. | ||||
| CVE-2025-50003 | 2 Axiomthemes, Wordpress | 2 Amuli, Wordpress | 2026-01-26 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Amuli amuli allows PHP Local File Inclusion.This issue affects Amuli: from n/a through <= 2.3.0. | ||||
| CVE-2025-50002 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2. | ||||
| CVE-2025-49994 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Athens athens allows PHP Local File Inclusion.This issue affects Athens: from n/a through <= 1.1.6. | ||||
| CVE-2025-49375 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 8.8 High |
| Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1. | ||||
| CVE-2025-49336 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through <= 1.1.8.4. | ||||
| CVE-2025-49249 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS.This issue affects Drone: from n/a through <= 1.40. | ||||
| CVE-2025-49066 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through <= 1.2. | ||||
| CVE-2025-49055 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. | ||||