Filtered by vendor Wordpress
Total: 9758 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0909 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 5.3 Medium |
| The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the `wp_ulike_delete_history_api` AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for authenticated attackers, with Subscriber-level access and above (granted the 'stats' capability is assigned to their role), to delete arbitrary log entries belonging to other users via the 'id' parameter. | ||||
| CVE-2026-24942 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1. | ||||
| CVE-2026-24938 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search better-search allows Stored XSS. This issue affects Better Search: from n/a through <= 4.2.1. | ||||
| CVE-2026-1371 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-02-04 | 5.3 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the `ajax_coupon_details()` function, which only validates nonces but does not verify user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive coupon information including coupon codes, discount amounts, usage statistics, and course/bundle applications. | ||||
| CVE-2026-24952 | 2 Craig Hewitt, Wordpress | 2 Seriously Simple Podcasting, Wordpress | 2026-02-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1. | ||||
| CVE-2026-24997 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 5.3 Medium |
| Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wired Impact Volunteer Management: from n/a through <= 2.8. | ||||
| CVE-2026-24998 | 2 Wordpress, Wpmudev | 2 Wordpress, Hustle | 2026-02-04 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a through <= 7.8.9.2. | ||||
| CVE-2026-25022 | 2 Iqonic, Wordpress | 2 Kivicare, Wordpress | 2026-02-04 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection. This issue affects KiviCare: from n/a through <= 3.6.16. | ||||
| CVE-2026-25011 | 2 Northern Beaches Websites, Wordpress | 2 Wp Custom Admin Interface, Wordpress | 2026-02-04 | 4.3 Medium |
| Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through <= 7.41. | ||||
| CVE-2026-24992 | 2 Wordpress, Wpfactory | 2 Wordpress, Advanced Woocommerce Product Sales Reporting | 2026-02-04 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.2. | ||||
| CVE-2026-25021 | 2 Mizan Themes, Wordpress | 2 Mizan Demo Importer, Wordpress | 2026-02-04 | 5.4 Medium |
| Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mizan Demo Importer: from n/a through <= 0.1.3. | ||||
| CVE-2026-24965 | 3 Contest-gallery, Contest Gallery, Wordpress | 3 Contest Gallery, Contest Gallery, Wordpress | 2026-02-04 | 4.3 Medium |
| Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contest Gallery: from n/a through <= 28.1.1. | ||||
| CVE-2026-25023 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data. This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.0.7. | ||||
| CVE-2026-25012 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 5.3 Medium |
| Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Bannerize Pro: from n/a through <= 1.11.0. | ||||
| CVE-2026-25014 | 2 Themelooks, Wordpress | 2 Enter Addons, Wordpress | 2026-02-04 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery. This issue affects Enter Addons: from n/a through <= 2.3.2. | ||||
| CVE-2026-24984 | 1 Wordpress | 1 Wordpress | 2026-02-04 | N/A |
| Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Link Preview: from n/a through <= 2.2.9. | ||||
| CVE-2026-25015 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a through <= 1.2.53. | ||||
| CVE-2026-24986 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership Wp User Import | 2026-02-04 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery. This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1. | ||||
| CVE-2026-24985 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 4.3 Medium |
| Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Forms Signature Contract Add-On: from n/a through <= 1.8.2. | ||||
| CVE-2026-24995 | 1 Wordpress | 1 Wordpress | 2026-02-04 | 4.3 Medium |
| Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.0. | ||||