ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
9043 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68595 | 2 Trustindex, Wordpress | 2 Widgets For Social Photo Feed, Wordpress | 2025-12-30 | 8.8 High |
| Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.7.7. | ||||
| CVE-2025-68588 | 2 Total-soft, Wordpress | 2 Ts Poll, Wordpress | 2025-12-30 | 8.1 High |
| Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.3. | ||||
| CVE-2025-68597 | 2 Blueglass, Wordpress | 2 Jobs For Wordpress, Wordpress | 2025-12-30 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through <= 2.7.17. | ||||
| CVE-2025-67631 | 2 Ecommerce Platforms, Wordpress | 2 Gift Hunt, Wordpress | 2025-12-30 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through <= 2.0.2. | ||||
| CVE-2025-68580 | 2 Pluginsware, Wordpress | 2 Advanced Classifieds & Directory Pro, Wordpress | 2025-12-30 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9. | ||||
| CVE-2025-68586 | 2 Goratech, Wordpress | 2 Cooked, Wordpress | 2025-12-30 | 8.8 High |
| Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.2. | ||||
| CVE-2025-68528 | 3 Woocommerce, Wordpress, Wpfactory | 3 Woocommerce, Wordpress, Free Shipping Bar | 2025-12-30 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce amount-left-free-shipping-woocommerce allows Stored XSS.This issue affects Free Shipping Bar: Amount Left for Free Shipping for WooCommerce: from n/a through <= 2.4.9. | ||||
| CVE-2025-68516 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2025-12-30 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1. | ||||
| CVE-2025-68511 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2025-12-30 | 9.1 Critical |
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1. | ||||
| CVE-2025-68582 | 2 Funnelforms, Wordpress | 3 Funnelforms, Funnelforms Free, Wordpress | 2025-12-30 | 8.8 High |
| Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8. | ||||
| CVE-2025-68517 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2025-12-30 | 8.1 High |
| Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1. | ||||
| CVE-2025-68038 | 2 Icegram, Wordpress | 2 Icegram Express, Wordpress | 2025-12-30 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through <= 5.9.11. | ||||
| CVE-2025-68527 | 2 Kodezen, Wordpress | 2 Academy Lms, Wordpress | 2025-12-30 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kodezen LLC Academy LMS academy allows Stored XSS.This issue affects Academy LMS: from n/a through <= 3.4.0. | ||||
| CVE-2025-68568 | 2 Popup Builder, Wordpress | 2 Popup Builder, Wordpress | 2025-12-30 | 7.5 High |
| Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker: from n/a through <= 1.0.5. | ||||
| CVE-2025-68596 | 2 Bitapps, Wordpress | 2 Bit Assist, Wordpress | 2025-12-30 | 8.8 High |
| Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11. | ||||
| CVE-2025-68590 | 2 Crm Perks, Wordpress | 2 Integration For Contact Form 7 Hubspot, Wordpress | 2025-12-30 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2. | ||||
| CVE-2025-68532 | 3 Elementor, Modeltheme, Wordpress | 3 Elementor, Addons For Wpbakery And Elementor, Wordpress | 2025-12-30 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Stored XSS.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6. | ||||
| CVE-2025-14913 | 2 Wordpress, Wpshuffle | 2 Wordpress, Frontend Post Submission Manager | 2025-12-30 | 5.3 Medium |
| The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'media_delete_action' function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to delete arbitrary attachments. | ||||
| CVE-2025-13958 | 1 Wordpress | 1 Wordpress | 2025-12-30 | 5.9 Medium |
| The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-13407 | 2 Gravityforms, Wordpress | 2 Gravity Forms, Wordpress | 2025-12-30 | 6.8 Medium |
| The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload path. | ||||