Filtered by vendor Wordpress
Subscriptions
Total
7908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8199 | 2 Debuggersstudio, Wordpress | 2 Marquee Addons For Elementor, Wordpress | 2025-12-14 | 6.4 Medium |
| The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-9207 | 2 Templateinvaders, Wordpress | 2 Ti Woocommerce Wishlist, Wordpress | 2025-12-14 | 5.3 Medium |
| The TI WooCommerce Wishlist plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.10.0. This is due to the plugin accepting hidden fields and not limiting the values or data that can input and is later output. This makes it possible for unauthenticated attackers to inject arbitrary HTML into wishlist items. | ||||
| CVE-2025-7960 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2025-12-14 | 6.4 Medium |
| The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Slider, Pricing Calculator, and Image Accordion widgets in all versions up to, and including, 51.1.39 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-56045 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 9.3 Critical |
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5. | ||||
| CVE-2025-49925 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 7.3 High |
| Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7. | ||||
| CVE-2024-56047 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. | ||||
| CVE-2024-56048 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 8.8 High |
| Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9. | ||||
| CVE-2024-56049 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 8.5 High |
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | ||||
| CVE-2024-56050 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3. | ||||
| CVE-2024-56051 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5. | ||||
| CVE-2024-56052 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | ||||
| CVE-2024-56053 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. | ||||
| CVE-2024-56054 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | ||||
| CVE-2024-56055 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System , Wordpress | 2025-12-12 | 8.5 High |
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | ||||
| CVE-2024-56057 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | ||||
| CVE-2025-49957 | 2 Weboccult Technologies, Wordpress | 2 Email Attachment By Order Status And Products, Wordpress | 2025-12-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-order-status-products allows Reflected XSS.This issue affects Email Attachment by Order Status & Products: from n/a through <= 1.0.1. | ||||
| CVE-2025-49958 | 3 Robokassa, Woocommerce, Wordpress | 3 Payment Gateway For Woocommerce, Woocommerce, Wordpress | 2025-12-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.8.1. | ||||
| CVE-2024-56042 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. | ||||
| CVE-2024-56046 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9. | ||||
| CVE-2024-56043 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9. | ||||