ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
9043 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60180 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Hubspot, Wp Gravity Forms Salesforce, Wordpress | 2026-01-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.5.1. | ||||
| CVE-2025-68893 | 2 Hetworks, Wordpress | 2 Wordpress Image Shrinker, Wordpress | 2025-12-31 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0. | ||||
| CVE-2025-68876 | 1 Wordpress | 1 Wordpress | 2025-12-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through 1.0.8. | ||||
| CVE-2025-68877 | 1 Wordpress | 1 Wordpress | 2025-12-31 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integration for Good Market allows PHP Local File Inclusion.This issue affects CedCommerce Integration for Good Market: from n/a through 1.0.6. | ||||
| CVE-2025-68870 | 1 Wordpress | 1 Wordpress | 2025-12-31 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through 1.0.0. | ||||
| CVE-2025-68861 | 2 Plugin Optimizer, Wordpress | 2 Plugin Optimizer, Wordpress | 2025-12-31 | 7.1 High |
| Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7. | ||||
| CVE-2025-68879 | 1 Wordpress | 1 Wordpress | 2025-12-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Councilsoft Content Grid Slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through 1.5. | ||||
| CVE-2025-68897 | 1 Wordpress | 1 Wordpress | 2025-12-31 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2. | ||||
| CVE-2025-68878 | 1 Wordpress | 1 Wordpress | 2025-12-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through 1.1.0. | ||||
| CVE-2025-68868 | 1 Wordpress | 1 Wordpress | 2025-12-31 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeaffairs Wp Text Slider Widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through 1.0. | ||||
| CVE-2025-68494 | 2 Leap13, Wordpress | 2 Premium Addons For Elementor, Wordpress | 2025-12-31 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53. | ||||
| CVE-2025-53420 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8. | ||||
| CVE-2024-8914 | 1 Wordpress | 2 Thanh Toan Quet Ma Qr Code Tu Dong, Wordpress | 2025-12-31 | 7.2 High |
| The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-9582 | 2 Bqworks, Wordpress | 2 Accordion Slider, Wordpress | 2025-12-31 | 6.4 Medium |
| The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin's admin area via the `Access` plugin setting, which is restricted to administrators by default. | ||||
| CVE-2024-56055 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-31 | 8.5 High |
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | ||||
| CVE-2025-63035 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-31 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. | ||||
| CVE-2025-68505 | 2 H5p, Wordpress | 2 H5p, Wordpress | 2025-12-30 | 8.8 High |
| Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1. | ||||
| CVE-2025-68500 | 2 Bdthemes, Wordpress | 2 Prime Slider, Wordpress | 2025-12-30 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10. | ||||
| CVE-2025-68508 | 2 Brave, Wordpress | 2 Brave Popup Builder, Wordpress | 2025-12-30 | 9.1 Critical |
| Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3. | ||||
| CVE-2025-68591 | 2 Mitchell Bennis, Wordpress | 2 Simple File List, Wordpress | 2025-12-30 | 8.1 High |
| Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.15. | ||||