Filtered by vendor Wordpress
Subscriptions
Total
11909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46506 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon – Amazon Affiliate Plugin wpzon allows Reflected XSS.This issue affects WpZon – Amazon Affiliate Plugin: from n/a through <= 1.3. | ||||
| CVE-2025-53434 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ChildHope childhope allows PHP Local File Inclusion.This issue affects ChildHope: from n/a through <= 1.1.8. | ||||
| CVE-2025-48328 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through <= 1.7.0. | ||||
| CVE-2023-47793 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in acmethemes Acme Fix Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acme Fix Images: from n/a through 1.0.0. | ||||
| CVE-2023-47830 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through 1.2.0. | ||||
| CVE-2025-49413 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: from n/a through <= 7.6. | ||||
| CVE-2025-49870 | 2 Cozmoslabs, Wordpress | 2 Paid Member Subscriptions, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows SQL Injection.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.1. | ||||
| CVE-2025-49962 | 2 Usestrict, Wordpress | 2 Bbpress Notify, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through <= 2.19.5. | ||||
| CVE-2023-48277 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Progressive Web Apps: from n/a through 2.2.21. | ||||
| CVE-2024-31118 | 2 Smartypantsplugins, Wordpress | 2 Sp Project & Document Manager, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70. | ||||
| CVE-2025-52723 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue affects Networker: from n/a through <= 1.2.0. | ||||
| CVE-2025-53266 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in EdwardBock Cron Logger cron-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cron Logger: from n/a through <= 1.3.0. | ||||
| CVE-2025-52832 | 2 Wordpress, Wpo-hr | 2 Wordpress, Ngg Smart Image Search | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search ngg-smart-image-search allows SQL Injection.This issue affects NGG Smart Image Search: from n/a through <= 3.4.1. | ||||
| CVE-2025-53241 | 2 Kodeshpa, Wordpress | 2 Simplified Plugin, Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery.This issue affects Simplified: from n/a through <= 1.0.11. | ||||
| CVE-2025-53319 | 2 Raptive, Wordpress | 2 Raptive Ads, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS.This issue affects Raptive Ads: from n/a through <= 3.8.0. | ||||
| CVE-2025-54055 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco druco allows Reflected XSS.This issue affects Druco: from n/a through <= 1.5.2. | ||||
| CVE-2025-54682 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.4. | ||||
| CVE-2025-13613 | 2 Elated Themes, Wordpress | 2 Elated Membership, Wordpress | 2026-04-15 | 9.8 Critical |
| The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'eltdf_membership_check_facebook_user' and the 'eltdf_membership_login_user_from_social_network' function. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email. | ||||
| CVE-2023-49849 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Aakash Chakravarthy Shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through 6.3. | ||||
| CVE-2025-53275 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka leyka allows DOM-Based XSS.This issue affects Leyka: from n/a through <= 3.32.1. | ||||