CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Total 9043 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67630	1 Wordpress	1 Wordpress	2025-12-30	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through <= 1.0.2.
CVE-2023-36525	2 Wordpress, Wpjobboard	2 Wordpress, Wpjobboard	2025-12-30	8.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0.
CVE-2025-68565	1 Wordpress	1 Wordpress	2025-12-30	9.8 Critical
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.
CVE-2025-68537	1 Wordpress	1 Wordpress	2025-12-30	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.
CVE-2025-68529	2 Rhys Wynne, Wordpress	2 Wp Email Capture, Wordpress	2025-12-30	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through <= 3.12.5.
CVE-2025-68583	1 Wordpress	1 Wordpress	2025-12-30	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through <= 1.4.10.
CVE-2023-28619	1 Wordpress	1 Wordpress	2025-12-30	4.3 Medium
Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8.
CVE-2023-32120	1 Wordpress	1 Wordpress	2025-12-30	5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1.
CVE-2025-67909	2 Wordpress, Wpswings	2 Wordpress, Membership For Woocommerce	2025-12-30	8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3.
CVE-2025-68535	2 Sunshinephotocart, Wordpress	2 Sunshine Photo Cart, Wordpress	2025-12-30	9.1 Critical
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.
CVE-2025-68579	1 Wordpress	1 Wordpress	2025-12-30	8.1 High
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6.
CVE-2025-68523	2 Spiffyplugins, Wordpress	2 Spiffy Calendar, Wordpress	2025-12-30	8.1 High
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.
CVE-2023-40679	2 Jeweltheme, Wordpress	2 Master Addons For Elementor, Wordpress	2025-12-30	6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
CVE-2025-68567	2 Wordpress, Wphocus	2 Wordpress, My Auctions Allegro	2025-12-30	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.32.
CVE-2025-68570	1 Wordpress	1 Wordpress	2025-12-30	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2.
CVE-2025-68533	2 Hasthemes, Wordpress	2 Wc Builder, Wordpress	2025-12-30	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through <= 1.2.0.
CVE-2025-68571	2 Salesmanago, Wordpress	2 Salesmanago, Wordpress	2025-12-30	8.8 High
Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3.9.0.
CVE-2025-68581	1 Wordpress	1 Wordpress	2025-12-30	8.1 High
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through <= 1.0.11.
CVE-2025-68512	2 Creativeinteractivemedia, Wordpress	2 Real3d Flipbook, Wordpress	2025-12-30	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS.This issue affects Real 3D FlipBook: from n/a through <= 4.11.4.
CVE-2025-67629	2 Basticom, Wordpress	2 Framework, Wordpress	2025-12-30	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basticom Basticom Framework basticom-framework allows Stored XSS.This issue affects Basticom Framework: from n/a through <= 1.5.2.

« first previous Page 41 of 453. next last »