Filtered by vendor Wordpress
Subscriptions
Total
10155 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11372 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2025-10-21 | 6.5 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to __return_true. This makes it possible for unauthenticated attackers to perform destructive database operations including dropping indexes on any table (including WordPress core tables like wp_options), creating duplicate configuration entries, and degrading site performance via the /wp-json/lp/v1/admin/tools/create-indexs endpoint granted they can provide table names. | ||||
| CVE-2025-11378 | 2 Shortpixel, Wordpress | 3 Image Optimizer, Shortpixel Image Optimizer, Wordpress | 2025-10-21 | 5.4 Medium |
| The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to export and import site options. | ||||
| CVE-2025-11510 | 2 Ninjateam, Wordpress | 2 Filebird, Wordpress | 2025-10-21 | 4.3 Medium |
| The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /filebird/v1/fb-wipe-clear-all-data function in all versions up to, and including, 6.4.9. This makes it possible for authenticated attackers, with author-level access and above, to reset all of the plugin's configuration data. | ||||
| CVE-2025-11519 | 2 Optimole, Wordpress | 2 Optimize Images, Wordpress | 2025-10-21 | 4.3 Medium |
| The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/move_image REST API endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to offload media that doesn't belong to them. | ||||
| CVE-2025-11703 | 2 Wordpress, Wpgmaps | 3 Wordpress, Wp Go Maps, Wp Google Maps | 2025-10-21 | 5.3 Medium |
| The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated attackers to poison the cache location for location search results. | ||||
| CVE-2025-11742 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Smart Wishlist For Woocommerce | 2025-10-21 | 4.3 Medium |
| The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlist_quickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's wishlist data and information. | ||||
| CVE-2025-10750 | 2 Cyberlord92, Wordpress | 2 Powerbi Embed Reports, Wordpress | 2025-10-21 | 5.3 Medium |
| The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the mo_epbr_admin_observer() function hooked on 'init'. This makes it possible for unauthenticated attackers to access sensitive Azure AD user information including personal identifiable information (PII) such as displayName, mail, phones, department, or detailed OAuth error data including Azure AD Application/Client IDs, error codes, trace IDs, and correlation IDs. | ||||
| CVE-2020-36854 | 1 Wordpress | 1 Wordpress | 2025-10-21 | 6.4 Medium |
| The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the aj_steps AJAX aciton along with a lack on sanitization on the settings saved via the function. This makes it possible for authenticated attackers with subscriber level permissions and above to inject malicious web scripts into a page that execute whenever a user accesses that page. | ||||
| CVE-2025-11517 | 2 Theeventscalendar, Wordpress | 2 Event Tickets, Wordpress | 2025-10-21 | 7.5 High |
| The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be free allowing the user to bypass the payment. This makes it possible for unauthenticated attackers to obtain access to paid tickets, without paying for them, causing a loss of revenue for the target. | ||||
| CVE-2025-9890 | 2 Mndpsingh287, Wordpress | 2 Theme Editor, Wordpress | 2025-10-21 | 8.8 High |
| The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the 'theme_editor_theme' page. This makes it possible for unauthenticated attackers to achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-11738 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2025-10-21 | 5.3 Medium |
| The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information. | ||||
| CVE-2025-11391 | 2 Themeisle, Wordpress | 2 Product Addons & Fields For Woocommerce, Wordpress | 2025-10-21 | 9.8 Critical |
| The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. While the vulnerable code is in the free version, this only affected users with the paid version of the software installed and activated. | ||||
| CVE-2025-10187 | 2 Creative-solutions-1, Wordpress | 2 Gspeech Tts Wordpress Text To Speech Plugin, Wordpress | 2025-10-21 | 4.9 Medium |
| The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including, 3.17.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-11691 | 2 Themeisle, Wordpress | 2 Product Addons & Fields For Woocommerce, Wordpress | 2025-10-21 | 7.5 High |
| The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the Enable Legacy Price Calculations setting is enabled. | ||||
| CVE-2025-7374 | 2 Wordpress, Wp-jobhunt Project | 2 Wordpress, Wp-jobhunt | 2025-10-21 | 5.4 Medium |
| The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- and Employer-level access and above, to log in to the site even if their account is inactive or pending. | ||||
| CVE-2025-7781 | 2 Wordpress, Wp-jobhunt Project | 3 Wordpress, Wordpress Mu, Wp-jobhunt | 2025-10-21 | 6.4 Medium |
| The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘cs_job_title’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-11380 | 2 Everestthemes, Wordpress | 2 Everest Backup, Wordpress | 2025-10-21 | 5.9 Medium |
| The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location. | ||||
| CVE-2025-10376 | 2 Ercbs, Wordpress | 2 Course Redirects For Learndash Plugin, Wordpress | 2025-10-21 | 4.3 Medium |
| The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9196 | 2 Sergiotrinity, Wordpress | 2 Trinity Audio, Wordpress | 2025-10-21 | 5.3 Medium |
| The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data. | ||||
| CVE-2025-9626 | 2 Softwud, Wordpress | 2 Page Blocks, Wordpress | 2025-10-21 | 4.3 Medium |
| The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the admin_process_widget_page_change function. This makes it possible for unauthenticated attackers to modify widget page block configurations via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||