ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Total
5304 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8150 | 2 Nicheaddons, Wordpress | 2 Events Addon For Elementor, Wordpress | 2025-08-31 | 6.4 Medium |
| The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-9618 | 2 Wordpress, Wpdreams | 2 Wordpress, Related Posts Lite | 2025-08-31 | 4.3 Medium |
| The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9499 | 2 Oceanwp, Wordpress | 2 Ocean Extra, Wordpress | 2025-08-31 | 6.4 Medium |
| The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-49405 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-08-30 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4. | ||||
| CVE-2025-49383 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3. | ||||
| CVE-2025-54710 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2025-08-29 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21. | ||||
| CVE-2025-54742 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8. | ||||
| CVE-2025-53230 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2025-08-29 | 7.6 High |
| Missing Authorization vulnerability in honzat Page Manager for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Manager for Elementor: from n/a through 2.0.5. | ||||
| CVE-2025-53244 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magazine Elite allows PHP Local File Inclusion. This issue affects Magazine Elite: from n/a through 1.2.4. | ||||
| CVE-2025-53328 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage allows PHP Local File Inclusion. This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through 19.11.0. | ||||
| CVE-2025-53334 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through 7.4.1. | ||||
| CVE-2025-54716 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5. | ||||
| CVE-2025-54734 | 2 Bplugins, Wordpress | 2 B Slider, Wordpress | 2025-08-29 | 5.8 Medium |
| Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30. | ||||
| CVE-2025-54738 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2025-08-29 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9. | ||||
| CVE-2025-48364 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through 0.4.2. | ||||
| CVE-2025-53223 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undoIT Theme Switcher Reloaded allows Reflected XSS. This issue affects Theme Switcher Reloaded: from n/a through 1.1. | ||||
| CVE-2025-49387 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2025-08-29 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3. | ||||
| CVE-2025-52761 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object Injection. This issue affects WP Funnel Manager: from n/a through 1.4.0. | ||||
| CVE-2025-53337 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.4 Medium |
| Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3. | ||||
| CVE-2025-54731 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 8.1 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1. | ||||