ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Total
5378 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48148 | 2 Woocommerce, Wordpress | 3 Storekeeper, Woocommerce, Wordpress | 2025-08-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4. | ||||
| CVE-2025-54750 | 2 Funnelkit, Wordpress | 2 Funnel Builder, Wordpress | 2025-08-21 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.11.1. | ||||
| CVE-2025-49890 | 2 Awstats, Wordpress | 2 Awstats, Wordpress | 2025-08-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jorge Garcia de Bustos AWStats Script allows Stored XSS. This issue affects AWStats Script: from n/a through 0.3. | ||||
| CVE-2025-54713 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2025-08-21 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Authentication Abuse. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.3.0. | ||||
| CVE-2025-49434 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2025-08-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stijnvanderree Laposta WooCommerce allows Stored XSS. This issue affects Laposta WooCommerce: from n/a through 1.9.1. | ||||
| CVE-2025-47650 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2025-08-21 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global allows Path Traversal. This issue affects Infility Global: from n/a through 2.14.7. | ||||
| CVE-2025-54735 | 2 Cubewp, Wordpress | 2 Cubewp, Wordpress | 2025-08-21 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24. | ||||
| CVE-2025-48169 | 2 Jordy Meow, Wordpress | 2 Code Engine, Wordpress | 2025-08-21 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through 0.3.3. | ||||
| CVE-2025-49396 | 2 Themify, Wordpress | 2 Themify Builder, Wordpress | 2025-08-21 | 4.3 Medium |
| Missing Authorization vulnerability in themifyme Themify Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Themify Builder: from n/a through 7.6.7. | ||||
| CVE-2025-49408 | 2 Templately, Wordpress | 2 Templately, Wordpress | 2025-08-21 | 4.9 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | ||||
| CVE-2025-49395 | 2 Themify, Wordpress | 2 Icons, Wordpress | 2025-08-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Icons allows Stored XSS. This issue affects Themify Icons: from n/a through 2.0.3. | ||||
| CVE-2025-53319 | 2 Raptive, Wordpress | 2 Raptive Ads, Wordpress | 2025-08-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.8.0. | ||||
| CVE-2025-7496 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Smart Compare For Woocommerce | 2025-08-21 | 6.4 Medium |
| The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8622 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 6.4 Medium |
| The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-8783 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 4.4 Medium |
| The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title’ parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-8618 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Smart Quick View For Woocommerce | 2025-08-21 | 6.4 Medium |
| The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48160 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris allows PHP Local File Inclusion. This issue affects Caliris: from n/a through 1.5. | ||||
| CVE-2025-54046 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4. | ||||
| CVE-2025-49410 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1. | ||||
| CVE-2025-54056 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows Reflected XSS. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.8. | ||||