ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
12600 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58024 | 2 Unboundstudio, Wordpress | 2 Accordion Faq, Wordpress | 2026-06-02 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1. | ||||
| CVE-2025-58705 | 2 Axiomthemes, Wordpress | 2 Crafti, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12. | ||||
| CVE-2026-42670 | 2 Etoile Web Design Incorporated, Wordpress | 2 Five Star Restaurant Reservations, Wordpress | 2026-06-02 | 7.5 High |
| Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14. | ||||
| CVE-2026-42684 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-02 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1. | ||||
| CVE-2026-42685 | 2 Ahmad, Wordpress | 2 Wp Job Portal, Wordpress | 2026-06-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1. | ||||
| CVE-2026-39550 | 2 Elated-themes, Wordpress | 2 Aperitif, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6. | ||||
| CVE-2026-39551 | 2 Elated-themes, Wordpress | 2 Töbel, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1. | ||||
| CVE-2026-39552 | 2 Code Supply Co., Wordpress | 2 Blueprint, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5. | ||||
| CVE-2026-39553 | 2 Select-themes, Wordpress | 2 Waveride, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4. | ||||
| CVE-2025-58707 | 2 Axiomthemes, Wordpress | 2 Spin, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8. | ||||
| CVE-2025-58897 | 2 Axiomthemes, Wordpress | 2 Fermentio, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0. | ||||
| CVE-2025-69369 | 2 Axiomthemes, Wordpress | 2 Racquet, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0. | ||||
| CVE-2025-68886 | 2 Androthemes, Wordpress | 2 Cookiteer, Wordpress | 2026-06-02 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8. | ||||
| CVE-2026-27351 | 2 Sekander Badsha, Wordpress | 2 Crew Hrm, Wordpress | 2026-06-02 | 5.4 Medium |
| Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2. | ||||
| CVE-2026-40780 | 2 Liquid Web / Stellarwp, Wordpress | 2 Bookit, Wordpress | 2026-06-02 | 7.5 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1. | ||||
| CVE-2026-8382 | 2 Wordpress, Wpengine | 2 Wordpress, Advanced Custom Fields | 2026-06-02 | 5.3 Medium |
| The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the post_title and post_content of any post bound to a publicly accessible acf_form() instance by injecting values into the _post_title and _post_content parameters of a form submission request. | ||||
| CVE-2026-42683 | 2 Vikwp, Wordpress | 2 Vikbooking Hotel Booking Engine & Pms, Wordpress | 2026-06-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8. | ||||
| CVE-2026-42681 | 2 E2pdf, Wordpress | 2 E2pdf, Wordpress | 2026-06-02 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14. | ||||
| CVE-2026-42680 | 2 Wasiliy Strecker / Contestgallery Developer, Wordpress | 2 Contest Gallery, Wordpress | 2026-06-02 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1. | ||||
| CVE-2026-42673 | 2 Logtivity, Wordpress | 2 Activity Logs, User Activity Tracking, Multisite Activity Log From Logtivity, Wordpress | 2026-06-02 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity: from n/a through 3.3.6. | ||||