Filtered by vendor Wordpress Subscriptions
Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 9826 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-22481 1 Wordpress 1 Wordpress 2026-01-27 8.8 High
Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.
CVE-2025-69190 1 Wordpress 1 Wordpress 2026-01-27 7.3 High
Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.
CVE-2025-69183 2 E-plugins, Wordpress 2 Hospital & Doctor Directory, Wordpress 2026-01-27 8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-69182 2 E-plugins, Wordpress 2 Institutions Directory, Wordpress 2026-01-27 8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4.
CVE-2025-68899 2 Designthemes, Wordpress 2 Vivagh, Wordpress 2026-01-27 8.8 High
Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.
CVE-2025-68898 2 Cjjparadoxmax, Wordpress 2 Synergy Project Manager, Wordpress 2026-01-27 5.8 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through <= 1.5.
CVE-2025-68896 1 Wordpress 1 Wordpress 2026-01-27 6.5 Medium
Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.
CVE-2025-68894 1 Wordpress 1 Wordpress 2026-01-27 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2.
CVE-2025-68884 1 Wordpress 1 Wordpress 2026-01-27 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1.
CVE-2025-68883 2 Extremeidea, Wordpress 2 Bidorbuy Store Integrator, Wordpress 2026-01-27 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0.
CVE-2025-68882 1 Wordpress 1 Wordpress 2026-01-27 7.5 High
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.3.
CVE-2025-68857 1 Wordpress 1 Wordpress 2026-01-27 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through <= 3.15.
CVE-2025-68839 1 Wordpress 1 Wordpress 2026-01-27 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.
CVE-2025-68835 2 Matiskiba, Wordpress 2 Ravpage, Wordpress 2026-01-27 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.
CVE-2025-68558 2 Averta, Wordpress 2 Depicter Slider, Wordpress 2026-01-27 6.5 Medium
Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.
CVE-2025-68510 1 Wordpress 1 Wordpress 2026-01-27 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through < 7.7.5.
CVE-2026-24623 1 Wordpress 1 Wordpress 2026-01-27 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.
CVE-2026-24528 2 Pixelgrade, Wordpress 2 Nova Blocks, Wordpress 2026-01-27 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9.
CVE-2026-24383 2 Bplugins, Wordpress 2 B Slider, Wordpress 2026-01-27 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.
CVE-2026-24354 1 Wordpress 1 Wordpress 2026-01-27 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.