Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25369 | 2 Flexmls, Wordpress | 2 Flexmls Idx, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Reflected XSS.This issue affects Flexmls® IDX: from n/a through <= 3.15.9. | ||||
| CVE-2026-32587 | 2 Saad Iqbal, Wordpress | 2 Wp Easypay, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through <= 4.2.11. | ||||
| CVE-2026-32586 | 2 Pluggabl, Wordpress | 2 Booster For Woocommerce, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through < 7.11.3. | ||||
| CVE-2026-32565 | 2 Webberzone, Wordpress | 2 Contextual Related Posts, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through < 4.2.2. | ||||
| CVE-2026-25449 | 2 Shinetheme, Wordpress | 2 Traveler, Wordpress | 2026-04-02 | N/A |
| Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1. | ||||
| CVE-2026-27093 | 2 Ovatheme, Wordpress | 2 Tripgo, Wordpress | 2026-04-02 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through < 1.5.6. | ||||
| CVE-2026-27091 | 2 Uipress, Wordpress | 2 Uipress Lite, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09. | ||||
| CVE-2026-25471 | 2 Themepaste, Wordpress | 2 Admin Safety Guard, Wordpress | 2026-04-02 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety Guard admin-safety-guard allows Password Recovery Exploitation.This issue affects Admin Safety Guard: from n/a through <= 1.2.6. | ||||
| CVE-2026-25312 | 2 Theeventprime, Wordpress | 2 Eventprime, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3. | ||||
| CVE-2025-32223 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-02 | N/A |
| Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4. | ||||
| CVE-2025-50001 | 2 Tagdiv, Wordpress | 2 Tagdiv Composer, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2. | ||||
| CVE-2025-53222 | 2 Tagdiv, Wordpress | 2 Opt In Builder, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3. | ||||
| CVE-2026-25438 | 2 Themehunk, Wordpress | 2 Gutenberg Blocks, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through <= 1.2.8. | ||||
| CVE-2026-25442 | 2 Qantumthemes, Wordpress | 2 Kentha, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through <= 4.7.2. | ||||
| CVE-2026-25443 | 2 Dotstore, Wordpress | 2 Fraud Prevention For Woocommerce, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3. | ||||
| CVE-2026-27065 | 2 Thimpress, Wordpress | 2 Builderpress, Wordpress | 2026-04-02 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1. | ||||
| CVE-2026-27067 | 2 Syarif, Wordpress | 2 Mobile App Editor, Wordpress | 2026-04-02 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through <= 1.3.1. | ||||
| CVE-2026-27068 | 2 Ryan Howard, Wordpress | 2 Website Llms.txt, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Howard Website LLMs.txt website-llms-txt allows Reflected XSS.This issue affects Website LLMs.txt: from n/a through <= 8.2.6. | ||||
| CVE-2026-27043 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-02 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography photography allows Path Traversal.This issue affects Photography: from n/a through <= 7.7.5. | ||||
| CVE-2026-0677 | 2 Totalsuite, Wordpress | 2 Totalcontest, Wordpress | 2026-04-02 | N/A |
| Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1. | ||||