CVEs and Security Vulnerabilities

Search

Switch to Advanced Search (Beta)

Total 323616 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58706	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through <= 1.25.
CVE-2025-49041	1 Wordpress	1 Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through <= 3.2.3.
CVE-2025-49363	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion.This issue affects Kings & Queens: from n/a through <= 1.1.16.
CVE-2025-58925	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Neptunus neptunus allows PHP Local File Inclusion.This issue affects Neptunus: from n/a through <= 1.0.11.
CVE-2025-58926	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Cerebrum cerebrum allows PHP Local File Inclusion.This issue affects Cerebrum: from n/a through <= 1.12.
CVE-2025-12976	2 Netweblogic, Wordpress	2 Events Manager, Wordpress	2025-12-19	6.4 Medium
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list_grouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-58877	2 Javothemes, Wordpress	2 Javo Core, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.
CVE-2025-49902	1 Wordpress	1 Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page, Custom Design: from n/a through <= 2.1.1.
CVE-2025-53443	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Smash smash allows PHP Local File Inclusion.This issue affects Smash: from n/a through <= 1.7.
CVE-2025-49941	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes GlamChic glamchic allows PHP Local File Inclusion.This issue affects GlamChic: from n/a through <= 1.0.11.
CVE-2025-58932	2 Axiomthemes, Wordpress	2 Prisma, Wordpress	2025-12-19	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Prisma prisma allows PHP Local File Inclusion.This issue affects Prisma: from n/a through <= 1.10.
CVE-2025-58803	1 Wordpress	1 Wordpress	2025-12-19	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Algenix algenix allows PHP Local File Inclusion.This issue affects Algenix: from n/a through <= 1.0.
CVE-2025-53447	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Assembly assembly allows PHP Local File Inclusion.This issue affects Assembly: from n/a through <= 1.1.
CVE-2025-49366	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hanani hanani allows PHP Local File Inclusion.This issue affects Hanani: from n/a through <= 1.2.11.
CVE-2025-49359	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion.This issue affects ShieldGroup: from n/a through <= 2.13.
CVE-2025-52768	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Faith & Hope faith-hope allows PHP Local File Inclusion.This issue affects Faith & Hope: from n/a through <= 2.13.0.
CVE-2025-54741	1 Wordpress	1 Wordpress	2025-12-19	8.6 High
Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Blank: from n/a through <= 1.2.0.
CVE-2025-53430	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Etta etta allows PHP Local File Inclusion.This issue affects Etta: from n/a through <= 1.14.0.
CVE-2025-58708	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes 777 triple-seven allows PHP Local File Inclusion.This issue affects 777: from n/a through <= 1.3.
CVE-2025-53449	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Convex convex allows PHP Local File Inclusion.This issue affects Convex: from n/a through <= 1.11.

« first previous Page 50 of 16181. next last »