Filtered by vendor Wordpress Subscriptions
Total 13021 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-39597 2 Wordpress, Wpzoom 2 Wordpress, Wpzoom Addons For Elementor 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
CVE-2025-49403 2 Aa-team, Wordpress 2 Premium Age Verification Restriction For Wordpress, Wordpress 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
CVE-2026-39546 2 Techspawn, Wordpress 2 Multiloca, Wordpress 2026-06-17 7.6 High
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
CVE-2026-54192 2 Ays-pro, Wordpress 2 Popup Box, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
CVE-2026-54195 2 Jetmonsters, Wordpress 2 Jetformbuilder, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-54196 2 Jetmonsters, Wordpress 2 Jetformbuilder, Wordpress 2026-06-17 6.8 Medium
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
CVE-2026-54806 2 Melapress, Wordpress 2 Wp Activity Log, Wordpress 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
CVE-2024-32949 2 Prince, Wordpress 2 Integrate Google Drive, Wordpress 2026-06-17 8.3 High
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
CVE-2024-33909 2 Avirtum, Wordpress 2 Ipages Flipbook, Wordpress 2026-06-17 5.3 Medium
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
CVE-2024-35690 2 Marketingfire, Wordpress 2 Widget-options, Wordpress 2026-06-17 6.5 Medium
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.
CVE-2026-48967 2 Dylan Kuhn, Wordpress 2 Geo Mashup, Wordpress 2026-06-17 8.5 High
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
CVE-2026-25439 2 Fs-code, Wordpress 2 Booknetic, Wordpress 2026-06-17 8.1 High
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
CVE-2026-49107 2 Thrivethemes, Wordpress 2 Thrive Apprentice, Wordpress 2026-06-17 9.8 Critical
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
CVE-2026-49767 2 Tomdever, Wordpress 2 Wpforo Forum, Wordpress 2026-06-17 9.8 Critical
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
CVE-2026-39537 2 Mikado-themes, Wordpress 2 Mikado Core, Wordpress 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
CVE-2026-54194 2 Themefusion, Wordpress 2 Fusion Builder, Wordpress 2026-06-17 9.8 Critical
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
CVE-2025-69139 2 Aivahthemes, Wordpress 2 Car Zone, Wordpress 2026-06-17 8.6 High
Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7 versions.
CVE-2025-69151 2 Themegoods, Wordpress 2 Grand Car Rental, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
CVE-2026-9570 2 Taskbuilder, Wordpress 2 Taskbuilder, Wordpress 2026-06-17 7.1 High
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.
CVE-2026-27395 2 Schiocco, Wordpress 2 Support Board, Wordpress 2026-06-17 9.8 Critical
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.