Filtered by vendor Wordpress
Subscriptions
Total
11973 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47579 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-23 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2. | ||||
| CVE-2025-47574 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management school-management allows Reflected XSS.This issue affects School Management: from n/a through <= 92.0.0. | ||||
| CVE-2025-47571 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File Inclusion.This issue affects Super Store Finder: from n/a through < 7.8. | ||||
| CVE-2025-47570 | 2 Villatheme, Wordpress | 2 Woocommerce Photo Reviews, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.3.13. | ||||
| CVE-2025-47569 | 3 Woocommerce, Wordpress, Wpswings | 4 Gift Cards, Woocommerce, Wordpress and 1 more | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through <= 2.9.6. | ||||
| CVE-2025-47567 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background universal-video-player-and-bg allows Blind SQL Injection.This issue affects Video Player & FullScreen Video Background: from n/a through <= 2.4.1. | ||||
| CVE-2025-47566 | 2 Digitalzoomstudio, Wordpress | 3 Dzs-zoomsounds, Zoomsounds, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds ZoomSounds dzs-zoomsounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through <= 6.91. | ||||
| CVE-2025-47565 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.3 Medium |
| Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through <= 4.9.9. | ||||
| CVE-2025-47564 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 4.9.8. | ||||
| CVE-2025-47559 | 2 Mapsvg, Wordpress | 2 Mapsvg, Wordpress | 2026-04-23 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through < 8.7.4. | ||||
| CVE-2025-47553 | 2 Digitalzoomstudio, Wordpress | 2 Video Gallery, Wordpress | 2026-04-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery dzs-videogallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through <= 12.39. | ||||
| CVE-2025-47552 | 2 Digitalzoomstudio, Wordpress | 2 Video Gallery, Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery dzs-videogallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through <= 12.39. | ||||
| CVE-2025-47551 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed wiki-embed allows Cross Site Request Forgery.This issue affects Wiki Embed: from n/a through <= 1.4.6. | ||||
| CVE-2025-47536 | 2 Keywordrush, Wordpress | 2 Content Egg, Wordpress | 2026-04-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through <= 7.0.0. | ||||
| CVE-2025-47528 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in pewilliams Ovation Elements ovation-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovation Elements: from n/a through <= 1.1.2. | ||||
| CVE-2025-47524 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karim42 Quran multilanguage Text & Audio quran-text-multilanguage allows Stored XSS.This issue affects Quran multilanguage Text & Audio: from n/a through <= 2.3.23. | ||||
| CVE-2025-47523 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster seznam-webmaster allows Cross Site Request Forgery.This issue affects Seznam Webmaster: from n/a through <= 1.4.7. | ||||
| CVE-2025-47522 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWEOS GmbH AWEOS WP Lock aweos-wp-lock allows Stored XSS.This issue affects AWEOS WP Lock: from n/a through <= 1.4.8. | ||||
| CVE-2025-47515 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seb WP DPE-GES wp-dpe-ges allows DOM-Based XSS.This issue affects WP DPE-GES: from n/a through <= 1.6. | ||||
| CVE-2025-47513 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms infocob-crm-forms allows Path Traversal.This issue affects Infocob CRM Forms: from n/a through <= 2.4.0. | ||||