CVEs and Security Vulnerabilities

Search

Switch to Advanced Search (Beta)

Total 323374 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58941	1 Wordpress	1 Wordpress	2025-12-19	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Fabric fabric allows PHP Local File Inclusion.This issue affects Fabric: from n/a through <= 1.5.0.
CVE-2025-58947	1 Wordpress	1 Wordpress	2025-12-19	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through <= 1.9.
CVE-2025-64376	2 Cridio, Wordpress	2 Listingpro, Wordpress	2025-12-19	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through < 2.9.10.
CVE-2025-6326	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue affects Inset: from n/a through <= 1.18.0.
CVE-2025-60056	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Winger winger allows PHP Local File Inclusion.This issue affects Winger: from n/a through <= 1.0.16.
CVE-2025-60045	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through <= 2.1.11.
CVE-2025-64214	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-12-19	7.5 High
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
CVE-2025-64227	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2025-12-19	9.8 Critical
Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7.
CVE-2025-60178	2 Crm Perks, Wordpress	2 Wp Gravity Forms Hubspot, Wordpress	2025-12-19	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6.
CVE-2025-64188	2 Pencidesign, Wordpress	2 Soledad, Wordpress	2025-12-19	9.8 Critical
Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9.
CVE-2025-60061	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Kicker kicker allows PHP Local File Inclusion.This issue affects Kicker: from n/a through <= 2.2.0.
CVE-2025-63039	2 Cridio, Wordpress	2 Listingpro, Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-64258	1 Wordpress	1 Wordpress	2025-12-19	7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9.
CVE-2025-64189	2 8theme, Wordpress	2 Xstore Core, Wordpress	2025-12-19	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6.
CVE-2025-58935	1 Wordpress	1 Wordpress	2025-12-19	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lunna lunna allows PHP Local File Inclusion.This issue affects Lunna: from n/a through <= 1.15.
CVE-2025-60063	1 Wordpress	1 Wordpress	2025-12-19	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rosalinda rosalinda allows PHP Local File Inclusion.This issue affects Rosalinda: from n/a through <= 1.2.3.
CVE-2025-58938	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2025-12-19	7.6 High
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonatePro: from n/a through <= 2.1.9.
CVE-2025-58950	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lione lione allows PHP Local File Inclusion.This issue affects Lione: from n/a through <= 1.16.
CVE-2025-60060	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pubzinne pubzinne allows PHP Local File Inclusion.This issue affects Pubzinne: from n/a through <= 1.0.12.
CVE-2025-58937	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Tacticool tacticool allows PHP Local File Inclusion.This issue affects Tacticool: from n/a through <= 1.0.13.

« first previous Page 7 of 16169. next last »