CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 9746 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69047	1 Wordpress	1 Wordpress	2026-01-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop sw_maxshop allows PHP Local File Inclusion.This issue affects MaxShop: from n/a through <= 3.6.20.
CVE-2025-69046	1 Wordpress	1 Wordpress	2026-01-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion.This issue affects iRecco Core: from n/a through <= 1.3.6.
CVE-2025-69041	1 Wordpress	1 Wordpress	2026-01-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion.This issue affects Dekoro: from n/a through <= 1.0.7.
CVE-2025-68871	1 Wordpress	1 Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3.0.
CVE-2025-68866	1 Wordpress	1 Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18.
CVE-2025-68864	2 Infility, Wordpress	2 Infility Global, Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through <= 2.14.50.
CVE-2025-68838	2 Expresstechsoftware, Wordpress	2 Memberpress Discord Addon, Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through <= 1.1.4.
CVE-2025-68538	1 Wordpress	1 Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through <= 2.3.6.
CVE-2025-68520	1 Wordpress	1 Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through < 4.9.5.
CVE-2025-68518	1 Wordpress	1 Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < 6.8.9.
CVE-2025-67963	1 Wordpress	1 Wordpress	2026-01-29	8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through <= 1.1.5.
CVE-2025-67961	1 Wordpress	1 Wordpress	2026-01-29	6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0.
CVE-2025-67960	2 Purethemes, Wordpress	2 Workscout Core, Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through <= 1.7.06.
CVE-2025-67959	2 Purethemes, Wordpress	2 Workscout, Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through <= 4.1.07.
CVE-2025-68911	2 Solacewp, Wordpress	2 Solace, Wordpress	2026-01-29	6.5 Medium
Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16.
CVE-2025-69045	3 Fooevents, Woocommerce, Wordpress	3 Fooevents For Woocommerce, Woocommerce, Wordpress	2026-01-29	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4.
CVE-2025-69102	2 Boopathirajan, Wordpress	2 Wp Test Email, Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: from n/a through <= 1.1.7.
CVE-2025-69100	1 Wordpress	1 Wordpress	2026-01-29	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through <= 5.7.5.
CVE-2025-68019	2 Cleverplugins, Wordpress	2 Seo Booster, Wordpress	2026-01-29	6.5 Medium
Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.
CVE-2025-67967	2 E-plugins, Wordpress	2 Lawyer Directory, Wordpress	2026-01-29	7.6 High
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.

« first previous Page 15 of 488. next last »