Filtered by vendor Wordpress
Subscriptions
Total
9834 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39466 | 2 Mikado-themes, Wordpress | 2 Dor, Wordpress | 2026-01-20 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4. | ||||
| CVE-2025-39465 | 2 Flippercode, Wordpress | 2 Advanced Google Maps, Wordpress | 2026-01-20 | 8.1 High |
| Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4. | ||||
| CVE-2025-39463 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9. | ||||
| CVE-2025-32657 | 2 Radiustheme, Wordpress | 2 Testimonial Slider And Showcase, Wordpress | 2026-01-20 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a through <= 2.1.7. | ||||
| CVE-2025-32283 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through <= 3.5. | ||||
| CVE-2025-32222 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5. | ||||
| CVE-2025-31634 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through <= 3.5. | ||||
| CVE-2025-31054 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. | ||||
| CVE-2025-31048 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4. | ||||
| CVE-2025-31047 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0. | ||||
| CVE-2025-31046 | 2 Wordpress, Wpvibes | 2 Wordpress, Anywhere Elementor | 2026-01-20 | 4.3 Medium |
| Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29. | ||||
| CVE-2025-31044 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 3.3.2. | ||||
| CVE-2025-31029 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bingu replyMail replymail allows Stored XSS.This issue affects replyMail: from n/a through <= 1.2.0. | ||||
| CVE-2025-30944 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.5 High |
| Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through <= 1.1.23. | ||||
| CVE-2025-30633 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3. | ||||
| CVE-2025-30628 | 2 Aa-team, Wordpress | 2 Amazon Affiliates Addon For Wpbakery Page Builder, Wordpress | 2026-01-20 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer): from n/a through 1.2. | ||||
| CVE-2025-28973 | 2 Aa-team, Wordpress | 2 Pro Bulk Watermark Plugin, Wordpress | 2026-01-20 | 6.5 Medium |
| Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. | ||||
| CVE-2025-28953 | 2 Axiomthemes, Wordpress | 2 Smart Seo, Wordpress | 2026-01-20 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0. | ||||
| CVE-2025-28949 | 2 Codedraft, Wordpress | 2 Mediabay - Wordpress Media Library Folders, Wordpress | 2026-01-20 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4. | ||||
| CVE-2025-27004 | 2 Lambertgroup, Wordpress | 2 Famous-responsive Image And Video Grid Gallery Wordpress Plugin, Wordpress | 2026-01-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through <= 1.4. | ||||