Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
8301 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47569 | 3 Woocommerce, Wordpress, Wpswings | 4 Gift Cards, Woocommerce, Wordpress and 1 more | 2025-09-11 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates. This issue affects WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates: from n/a through 2.8.10. | ||||
| CVE-2025-53340 | 2 Getawesomesupport, Wordpress | 2 Awesome Support, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome Support: from n/a through 6.3.4. | ||||
| CVE-2025-53291 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 5.4 Medium |
| Missing Authorization vulnerability in spoddev2021 Spreadconnect. This issue affects Spreadconnect: from n/a through 2.1.5. | ||||
| CVE-2025-47694 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. | ||||
| CVE-2025-39523 | 2 Goodbarber, Wordpress | 2 Goodbarber, Wordpress | 2025-09-11 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in GoodBarber GoodBarber. This issue affects GoodBarber: from n/a through 1.0.26. | ||||
| CVE-2025-47579 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2. | ||||
| CVE-2025-39541 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.13. | ||||
| CVE-2025-39553 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9. | ||||
| CVE-2025-53348 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a through 3.18.3. | ||||
| CVE-2025-59005 | 2 Frenify, Wordpress | 2 Categorify, Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5. | ||||
| CVE-2025-58991 | 3 Cristiano Zanca, Woocommerce, Wordpress | 3 Woocommerce Booking Bundle Hours, Woocommerce, Wordpress | 2025-09-11 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4. | ||||
| CVE-2025-58988 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22. | ||||
| CVE-2025-58984 | 2 Welcart, Wordpress | 2 E-commerce, Wordpress | 2025-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20. | ||||
| CVE-2025-58979 | 2 Berqier, Wordpress | 2 Berqwp, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53. | ||||
| CVE-2025-58978 | 2 Wordpress, Wpswings | 2 Wordpress, Pdf Generator For Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4. | ||||
| CVE-2025-58976 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | ||||
| CVE-2025-58975 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1. | ||||
| CVE-2025-58993 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2025-09-11 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4. | ||||
| CVE-2025-58215 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from n/a through n/a. | ||||
| CVE-2025-58997 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10. | ||||