ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Total
11479 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62916 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in Travon WP Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights & Hotels Booking WP Plugin: from n/a through <= 3.1. | ||||
| CVE-2025-62903 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Smart Messages For Woocommerce | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through <= 4.2.8. | ||||
| CVE-2025-62902 | 2 Themehunk, Wordpress | 2 Wp Popup Builder, Wordpress | 2026-04-01 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.8. | ||||
| CVE-2025-62897 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.7 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through < 10.1.0. | ||||
| CVE-2025-62895 | 2 Atarim, Wordpress | 2 Atarim, Wordpress | 2026-04-01 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.1. | ||||
| CVE-2025-62889 | 3 Elementor, Kingaddons, Wordpress | 3 Elementor, King Addons For Elementor, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects King Addons for Elementor: from n/a through <= 51.1.61. | ||||
| CVE-2025-62887 | 3 Elementor, Kingaddons, Wordpress | 3 Elementor, King Addons For Elementor, Wordpress | 2026-04-01 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS.This issue affects King Addons for Elementor: from n/a through <= 51.1.61. | ||||
| CVE-2025-62886 | 2 Wordpress, Wpdevart | 2 Wordpress, Pricing Table Builder | 2026-04-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Pricing Table builder wpdevart-pricing-table allows Stored XSS.This issue affects Pricing Table builder: from n/a through <= 1.5.3. | ||||
| CVE-2025-62885 | 2 Rextheme, Wordpress | 2 Wp Vr, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through <= 8.5.48. | ||||
| CVE-2025-62884 | 2 Relywp, Wordpress | 2 Coupon Affiliates, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coupon Affiliates: from n/a through <= 7.2.0. | ||||
| CVE-2025-62870 | 3 Eupago, Woocommerce, Wordpress | 3 Eupago Gateway Woocommerce, Woocommerce, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.7.1. | ||||
| CVE-2025-62867 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ergonet Cache: from n/a through <= 1.0.13. | ||||
| CVE-2025-62740 | 2 Mario Peshev, Wordpress | 2 Wp-crm-system, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.6. | ||||
| CVE-2025-62734 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in M.Code Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through <= 1.4.0. | ||||
| CVE-2025-62152 | 2 Conveythis, Wordpress | 2 Conveythis, Wordpress | 2026-04-01 | 8.8 High |
| Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.2. | ||||
| CVE-2025-62086 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxberry): from n/a through <= 2.34. | ||||
| CVE-2025-62085 | 2 Bertha, Wordpress | 2 Bertha Ai, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13. | ||||
| CVE-2025-62082 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through <= 1.2.9. | ||||
| CVE-2025-62018 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0. | ||||
| CVE-2025-62017 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0. | ||||