Filtered by vendor Wordpress
Total 8467 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-48293 1 Wordpress 1 Wordpress 2025-08-14 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. This issue affects Geo Mashup: from n/a through 1.13.16.
CVE-2025-47689 1 Wordpress 1 Wordpress 2025-08-14 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS. This issue affects Video Blogster Lite: from n/a through 1.2.
CVE-2025-3703 2 Wipeoutmedia, Wordpress 2 Css & Javascript Toolbox, Wordpress 2025-08-14 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. This issue affects CSS & JavaScript Toolbox: from n/a through n/a.
CVE-2025-54671 2 Bobbingwide, Wordpress 2 Oik, Wordpress 2025-08-14 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2.
CVE-2025-54678 1 Wordpress 1 Wordpress 2025-08-14 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through 3.8.15.
CVE-2025-54680 1 Wordpress 1 Wordpress 2025-08-14 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Blogger Buzz allows Stored XSS. This issue affects Blogger Buzz: from n/a through 1.2.6.
CVE-2025-54681 1 Wordpress 1 Wordpress 2025-08-14 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4.
CVE-2025-54682 1 Wordpress 1 Wordpress 2025-08-14 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4.
CVE-2025-54683 1 Wordpress 1 Wordpress 2025-08-14 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This issue affects WP Modal Popup with Cookie Integration: from n/a through 2.4.
CVE-2025-54694 2 Bplugins, Wordpress 2 Button Block, Wordpress 2025-08-14 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0.
CVE-2025-54695 1 Wordpress 1 Wordpress 2025-08-14 5.4 Medium
Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.
CVE-2025-7808 1 Wordpress 1 Wordpress 2025-08-14 6.1 Medium
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2025-54705 1 Wordpress 1 Wordpress 2025-08-14 4.3 Medium
Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.4.6.
CVE-2025-47479 2 Wordpress, Wpcompress 2 Wordpress, Wp Compress 2025-08-14 5.3 Medium
Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30.
CVE-2025-54706 1 Wordpress 1 Wordpress 2025-08-14 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52.
CVE-2025-54707 1 Wordpress 1 Wordpress 2025-08-14 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a through 1.3.3.7.
CVE-2025-25172 2 Beeteam368, Wordpress 2 Vidmov, Wordpress 2025-08-14 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through 1.9.4.
CVE-2025-54698 2 Radiustheme, Wordpress 2 Classified Listing, Wordpress 2025-08-14 5.4 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0.
CVE-2025-54700 1 Wordpress 1 Wordpress 2025-08-14 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through 1.8.4.
CVE-2025-7384 2 Crmperks, Wordpress 2 Database For Contact Form 7, Wpforms, Elementor Forms, Wordpress 2025-08-13 9.8 Critical
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.