Filtered by vendor Wordpress
Subscriptions
Total
9828 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24521 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1. | ||||
| CVE-2026-22388 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2. | ||||
| CVE-2026-22382 | 2 Mikado-themes, Wordpress | 2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress | 2026-01-27 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2025-69184 | 2 E-plugins, Wordpress | 2 Institutions Directory, Wordpress | 2026-01-27 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4. | ||||
| CVE-2025-60116 | 2 Themegoods, Wordpress | 2 Grand Conference, Wordpress | 2026-01-27 | 5.4 Medium |
| Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3. | ||||
| CVE-2025-8113 | 2 Shopfiles, Wordpress | 2 Ebook Store, Wordpress | 2026-01-27 | 6.1 Medium |
| The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | ||||
| CVE-2026-22411 | 2 Mikado-themes, Wordpress | 2 Dolcino, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6. | ||||
| CVE-2026-22409 | 2 Mikado-themes, Wordpress | 2 Justicia, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2. | ||||
| CVE-2026-22407 | 2 Mikado-themes, Wordpress | 2 Roam, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1. | ||||
| CVE-2026-22406 | 2 Mikado-themes, Wordpress | 2 Overton, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3. | ||||
| CVE-2026-22391 | 2 Mikado-themes, Wordpress | 2 Cocco, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1. | ||||
| CVE-2026-22358 | 2 Smartdatasoft, Wordpress | 2 Electrician - Electrical Service Wordpress, Wordpress | 2026-01-27 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6. | ||||
| CVE-2026-22348 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 5.3 Medium |
| Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53. | ||||
| CVE-2025-69319 | 2 Wordpress, Wpbeaverbuilder | 2 Wordpress, Beaver Builder | 2026-01-27 | 7.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1. | ||||
| CVE-2025-69315 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-01-27 | 6.5 Medium |
| Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15. | ||||
| CVE-2025-69314 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through < 4.8.3. | ||||
| CVE-2025-69313 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-27 | 7.5 High |
| Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3. | ||||
| CVE-2025-69312 | 2 Wordpress, Xpro | 2 Wordpress, Xpro Elementor Addons | 2026-01-27 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1. | ||||
| CVE-2025-69311 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 7.6 High |
| Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1. | ||||
| CVE-2026-24539 | 2 Clickdatos, Wordpress | 2 Proteccion De Datos Rgpd, Wordpress | 2026-01-27 | 5.3 Medium |
| Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through <= 0.68. | ||||