Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11797 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25438 | 2 Themehunk, Wordpress | 2 Gutenberg Blocks, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blocks: from n/a through <= 1.2.8. | ||||
| CVE-2026-25442 | 2 Qantumthemes, Wordpress | 2 Kentha, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through <= 4.7.2. | ||||
| CVE-2026-25443 | 2 Dotstore, Wordpress | 2 Fraud Prevention For Woocommerce, Wordpress | 2026-04-02 | N/A |
| Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.3. | ||||
| CVE-2026-27065 | 2 Thimpress, Wordpress | 2 Builderpress, Wordpress | 2026-04-02 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1. | ||||
| CVE-2026-27067 | 2 Syarif, Wordpress | 2 Mobile App Editor, Wordpress | 2026-04-02 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server.This issue affects Mobile App Editor: from n/a through <= 1.3.1. | ||||
| CVE-2026-27068 | 2 Ryan Howard, Wordpress | 2 Website Llms.txt, Wordpress | 2026-04-02 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Howard Website LLMs.txt website-llms-txt allows Reflected XSS.This issue affects Website LLMs.txt: from n/a through <= 8.2.6. | ||||
| CVE-2026-0677 | 2 Totalsuite, Wordpress | 2 Totalcontest, Wordpress | 2026-04-02 | N/A |
| Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1. | ||||
| CVE-2026-28126 | 2 Sizam, Wordpress | 2 Rh Frontend Publishing Pro, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through < 4.3.4. | ||||
| CVE-2026-28119 | 2 Axiomthemes, Wordpress | 2 Nirvana, Wordpress | 2026-04-01 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nir-vana allows PHP Local File Inclusion.This issue affects Nirvana: from n/a through <= 2.6. | ||||
| CVE-2026-27332 | 2 Skygroup, Wordpress | 2 Agrofood, Wordpress | 2026-04-01 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through < 1.4.0. | ||||
| CVE-2025-68547 | 2 Wordpress, Wpwebelite | 2 Wordpress, Follow My Blog Post | 2026-04-01 | 7.5 High |
| Missing Authorization vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through <= 2.4.0. | ||||
| CVE-2025-62992 | 2 Everestthemes, Wordpress | 2 Everest Backup, Wordpress | 2026-04-01 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup everest-backup allows Path Traversal.This issue affects Everest Backup: from n/a through <= 2.3.11. | ||||
| CVE-2025-62751 | 2 Extendthemes, Wordpress | 2 Vireo, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in extendthemes Vireo vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through <= 1.0.24. | ||||
| CVE-2025-60116 | 2 Themegoods, Wordpress | 2 Grand Conference, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4. | ||||
| CVE-2025-58990 | 2 Hasthemes, Wordpress | 2 Shoplentor, Wordpress | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems ShopLentor woolentor-addons allows Stored XSS.This issue affects ShopLentor: from n/a through <= 3.2.0. | ||||
| CVE-2025-58668 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2026-04-01 | 9.8 Critical |
| Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970. | ||||
| CVE-2025-58234 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager js-jobs allows Stored XSS.This issue affects JS Job Manager: from n/a through <= 2.0.2. | ||||
| CVE-2025-58210 | 2 Thememove, Wordpress | 2 Makeaholic, Wordpress | 2026-04-01 | 9.8 Critical |
| Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5. | ||||
| CVE-2025-58206 | 2 Thememove, Wordpress | 2 Maxcoach, Wordpress | 2026-04-01 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through <= 3.2.5. | ||||
| CVE-2025-58192 | 3 Wordpress, Xylus Themes, Xylusthemes | 3 Wordpress, Wp Bulk Delete, Wp Bulk Delete | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through <= 1.3.6. | ||||