CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 11521 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22504	2 Themerex, Wordpress	2 Prolingua, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12.
CVE-2026-22500	2 Axiomthemes, Wordpress	2 M2 \| Construction And Tools Store, Wordpress	2026-03-30	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes m2 \| Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 \| Construction and Tools Store: from n/a through <= 1.1.2.
CVE-2026-22493	2 Elated-themes, Wordpress	2 Gaspard, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affects Gaspard: from n/a through <= 1.3.
CVE-2026-22496	2 Ancorathemes, Wordpress	2 Hypnotherapy, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through <= 1.2.10.
CVE-2026-23972	2 Magepeople, Wordpress	2 Booking & Rental Manager, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.6.0.
CVE-2026-22502	2 Ancorathemes, Wordpress	2 Mr. Cobbler, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through <= 1.1.9.
CVE-2026-22509	2 Elated-themes, Wordpress	2 Gioia, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through <= 1.4.
CVE-2026-22495	2 Ancorathemes, Wordpress	2 Greenville, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through <= 1.3.2.
CVE-2026-22520	2 G5theme, Wordpress	2 Handmade Framework, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Handmade Framework handmade-framework allows Reflected XSS.This issue affects Handmade Framework: from n/a through <= 3.9.
CVE-2026-22494	2 Themerex, Wordpress	2 Good Homes, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through <= 1.3.13.
CVE-2026-22523	2 Themepassion, Wordpress	2 Ultra Wordpress Admin, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through <= 11.7.
CVE-2026-22516	2 Ancorathemes, Wordpress	2 Wizor's, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through <= 2.12.
CVE-2026-23979	2 Softwebmedia, Wordpress	2 Gyan Elements, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through <= 2.2.1.
CVE-2026-24364	2 Wedevs, Wordpress	2 Wp User Frontend, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5.
CVE-2026-22499	2 Elated-themes, Wordpress	2 Lella, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Lella lella allows PHP Local File Inclusion.This issue affects Lella: from n/a through <= 1.2.
CVE-2026-24369	2 Theme-one, Wordpress	2 The Grid, Wordpress	2026-03-30	7.1 High
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2025-69347	2 Convers Lab, Wordpress	2 Wpsubscription, Wordpress	2026-03-30	8.5 High
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10.
CVE-2026-22512	2 Elated-themes, Wordpress	2 Roisin, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through <= 1.2.1.
CVE-2026-22485	2 Ruhul080, Wordpress	2 My Album Gallery, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through <= 1.0.4.
CVE-2026-22480	2 Webtoffee, Wordpress	2 Product Feed For Woocommerce, Wordpress	2026-03-30	7.2 High
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3.

« first previous Page 305 of 577. next last »