CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Total 9043 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62147	2 Realbig, Wordpress	2 Realbig, Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Nik Melnik Realbig allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through 1.1.3.
CVE-2025-58894	2 Axiomthemes, Wordpress	2 Good Mood, Wordpress	2026-01-05	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through <= 1.16.
CVE-2025-62145	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in NewClarity DMCA Protection Badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through 2.2.0.
CVE-2025-62133	2 Manidoraisamy, Wordpress	2 Formfacade, Wordpress	2026-01-05	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Manidoraisamy FormFacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through 1.4.1.
CVE-2025-66152	2 Merkulove, Wordpress	2 Criptopayer For Elementor, Wordpress	2026-01-05	5.4 Medium
Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through 1.0.1.
CVE-2025-66151	2 Merkulove, Wordpress	2 Countdowner For Elementor, Wordpress	2026-01-05	5.4 Medium
Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through 1.0.4.
CVE-2025-58893	2 Axiomthemes, Wordpress	2 Alright, Wordpress	2026-01-05	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through <= 1.6.1.
CVE-2025-69089	2 Wordpress, Wpautolistings	2 Wordpress, Auto Listings	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in autolistings Auto Listings auto-listings allows Stored XSS.This issue affects Auto Listings: from n/a through <= 2.7.1.
CVE-2025-69088	3 Vidish, Woocommerce, Wordpress	3 Combo Offers Woocommerce, Woocommerce, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through <= 4.2.
CVE-2025-69034	2 Mikado-themes, Wordpress	2 Lekker, Wordpress	2026-01-05	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8.
CVE-2025-69033	2 Awplife, Wordpress	2 Blog Filter, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.3.
CVE-2025-58225	2 Axiomthemes, Wordpress	2 Paragon, Wordpress	2026-01-05	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through <= 1.1.
CVE-2025-53453	2 Axiomthemes, Wordpress	2 Hygia, Wordpress	2026-01-05	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16.
CVE-2025-53449	2 Axiomthemes, Wordpress	2 Convex, Wordpress	2026-01-05	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Convex convex allows PHP Local File Inclusion.This issue affects Convex: from n/a through <= 1.11.
CVE-2025-53448	2 Axiomthemes, Wordpress	2 Rally, Wordpress	2026-01-05	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rally rally allows PHP Local File Inclusion.This issue affects Rally: from n/a through <= 1.1.
CVE-2025-69032	2 Mikado-themes, Wordpress	2 Fivestar, Wordpress	2026-01-05	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7.
CVE-2025-68603	2 Marketing Fire, Wordpress	2 Editorial Calendar, Wordpress	2026-01-05	8.1 High
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.
CVE-2025-68600	2 Wordpress, Ylefebvre	2 Wordpress, Link Library	2026-01-05	9.1 Critical
Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.4.
CVE-2025-68605	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-01-05	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.18.
CVE-2025-68602	2 Scott Paterson, Wordpress	2 Accept Donations With Paypal, Wordpress	2026-01-05	6.1 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.

« first previous Page 27 of 453. next last »