Filtered by vendor Wordpress
Subscriptions
Total
9897 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64257 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 4.3 Medium |
| Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Tickets: from n/a through <= 2.1.0. | ||||
| CVE-2025-64256 | 2 Presstigers, Wordpress | 2 Simple Folio, Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Folio simple-folio allows Cross Site Request Forgery.This issue affects Simple Folio: from n/a through <= 1.1.0. | ||||
| CVE-2025-64255 | 2 Bowo, Wordpress | 2 Admin And Site Enhancements Ase, Wordpress | 2026-01-20 | 7.2 High |
| Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8. | ||||
| CVE-2025-64254 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= 1.5.1. | ||||
| CVE-2025-64190 | 2 8theme, Wordpress | 2 Xstore Core, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6. | ||||
| CVE-2025-63070 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2026-01-20 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.32. | ||||
| CVE-2025-63068 | 2 Sevenspark, Wordpress | 2 Contact Form 7 - Dynamic Text Extension, Wordpress | 2026-01-20 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through <= 5.0.3. | ||||
| CVE-2025-63067 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 4.3 Medium |
| Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through <= 3.6.2. | ||||
| CVE-2025-63053 | 2 Jeweltheme, Wordpress | 2 Master Addons For Elementor, Wordpress | 2026-01-20 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4. | ||||
| CVE-2025-63047 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-01-20 | 5.3 Medium |
| Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9. | ||||
| CVE-2025-63040 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11. | ||||
| CVE-2025-63039 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-01-20 | 6.5 Medium |
| Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9. | ||||
| CVE-2025-63038 | 2 Northern Beaches Websites, Wordpress | 2 Wp Custom Admin Interface, Wordpress | 2026-01-20 | 4.3 Medium |
| Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40. | ||||
| CVE-2025-63036 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68. | ||||
| CVE-2025-63034 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.4 Medium |
| Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through <= 2.8.7. | ||||
| CVE-2025-63032 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Consulting allows Stored XSS.This issue affects Consulting: from n/a through 1.5.0. | ||||
| CVE-2025-63031 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.3 Medium |
| Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1. | ||||
| CVE-2025-63030 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.0. | ||||
| CVE-2025-63028 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.3 Medium |
| Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6. | ||||
| CVE-2025-63027 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webcreations907 WBC907 Core allows Stored XSS.This issue affects WBC907 Core: from n/a through 3.4.1. | ||||