CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Subscriptions

Total 346598 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53447	2 Axiomthemes, Wordpress	2 Assembly, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Assembly assembly allows PHP Local File Inclusion.This issue affects Assembly: from n/a through <= 1.1.
CVE-2025-64263	1 Wordpress	1 Wordpress	2026-04-24	5.4 Medium
Missing Authorization vulnerability in PluginEver WP Content Pilot wp-content-pilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Content Pilot: from n/a through <= 2.1.7.
CVE-2025-53448	2 Axiomthemes, Wordpress	2 Rally, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rally rally allows PHP Local File Inclusion.This issue affects Rally: from n/a through <= 1.1.
CVE-2025-64265	2 N-media, Wordpress	2 Frontend File Manager, Wordpress	2026-04-24	4.3 Medium
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.2.
CVE-2025-53449	2 Axiomthemes, Wordpress	2 Convex, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Convex convex allows PHP Local File Inclusion.This issue affects Convex: from n/a through <= 1.11.
CVE-2025-64267	3 Woocommerce, Wordpress, Wpswings	3 Woocommerce, Wordpress, Ultimate Points And Rewards	2026-04-24	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through <= 2.10.2.
CVE-2025-53453	2 Axiomthemes, Wordpress	2 Hygia, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16.
CVE-2025-64269	2 Edgarrojas, Wordpress	2 Woocommerce Pdf Invoice Builder, Wordpress	2026-04-24	4.3 Medium
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.150.
CVE-2025-54741	1 Wordpress	1 Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Blank: from n/a through <= 1.2.0.
CVE-2025-64271	2 Hasthemes, Wordpress	2 Wp Plugin Manager, Wordpress	2026-04-24	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through <= 1.4.7.
CVE-2025-55707	2 Wordpress, Wpxpo	2 Wordpress, Postx	2026-04-24	7.2 High
Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35.
CVE-2025-64274	2 Wordpress, Wpkoi	2 Wordpress, Wpkoi Templates For Elementor	2026-04-24	4.3 Medium
Missing Authorization vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPKoi Templates for Elementor: from n/a through <= 3.4.4.
CVE-2025-57897	1 Wordpress	1 Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in venusweb Logtik logtik allows Reflected XSS.This issue affects Logtik: from n/a through <= 2.3.
CVE-2025-64277	2 Quantumcloud, Wordpress	2 Chatbot, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9.
CVE-2025-58225	2 Axiomthemes, Wordpress	2 Paragon, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through <= 1.1.
CVE-2025-64292	1 Wordpress	1 Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through <= 1.6.2.
CVE-2025-58706	2 Axiomthemes, Wordpress	2 Woo Hoo, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through <= 1.25.
CVE-2025-64370	2 Wordpress, Yop-poll	3 Wordpress, Yop-poll, Yop Poll	2026-04-24	5.3 Medium
Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YOP Poll: from n/a through <= 6.5.38.
CVE-2025-58710	1 Wordpress	1 Wordpress	2026-04-24	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0.
CVE-2025-64384	1 Wordpress	1 Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.

« first previous Page 15 of 17330. next last »