CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 11174 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-2367	2 Ays-pro, Wordpress	2 Secure Copy Content Protection And Content Locking, Wordpress	2026-02-26	6.4 Medium
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ays_block' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-67998	2 Kamleshyadav, Wordpress	2 Miraculous Elementor, Wordpress	2026-02-26	8.8 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7.
CVE-2025-67973	2 Sunshinephotocart, Wordpress	2 Sunshine Photo Cart, Wordpress	2026-02-26	6.5 Medium
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.6.2.
CVE-2025-67969	2 Knitpay, Wordpress	2 Upi Qr Code Payment Gateway For Woocommerce, Wordpress	2026-02-26	6.5 Medium
Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1.
CVE-2025-67547	2 Uixthemes, Wordpress	2 Konte, Wordpress	2026-02-26	6.5 Medium
Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.
CVE-2025-14339	2 Wedevs, Wordpress	2 Wemail: Email Marketing, Email Automation, Newsletters, Subscribers & Ecommerce Email Optins, Wordpress	2026-02-26	6.5 Medium
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only validating the `X-WP-Nonce` header without checking user capabilities. Since the REST nonce is exposed to unauthenticated visitors via the `weMail` JavaScript object on pages with weMail forms, any unauthenticated user can permanently delete all weMail forms by extracting the nonce from the page source and sending a DELETE request to the forms endpoint.
CVE-2025-68025	2 Addonify, Wordpress	2 Addonify Floating Cart For Woocommerce, Wordpress	2026-02-26	6.5 Medium
Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through <= 1.2.17.
CVE-2025-68023	2 Addonify, Wordpress	2 Addonify – Compare Products For Woocommerce, Wordpress	2026-02-26	6.5 Medium
Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17.
CVE-2025-68021	2 Conveythis, Wordpress	2 Conveythis, Wordpress	2026-02-26	6.5 Medium
Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.5.
CVE-2025-68002	2 100plugins, Wordpress	2 Open User Map, Wordpress	2026-02-26	6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a through <= 1.4.16.
CVE-2025-67994	2 Wordpress, Yaycommerce	2 Wordpress, Yaycurrency	2026-02-26	7.5 High
Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3.
CVE-2025-67975	2 Adirectory, Wordpress	2 Adirectory, Wordpress	2026-02-26	6.5 Medium
Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3.
CVE-2025-52744	2 Inpersttion, Wordpress	2 Inpersttion For Theme, Wordpress	2026-02-26	7.6 High
Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0.
CVE-2025-68048	2 Wordpress, Xlplugins	2 Wordpress, Nextmove	2026-02-25	7.5 High
Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.
CVE-2025-68042	2 Travelpayouts, Wordpress	2 Travelpayouts, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through <= 1.2.1.
CVE-2025-68032	2 Passionate Brains, Wordpress	2 Advanced Wc Analytics, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0.
CVE-2025-68028	2 Passionate Brains, Wordpress	2 Ga4wp: Google Analytics For Wordpress, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.
CVE-2025-68549	2 Wordpress, Zozothemes	2 Wordpress, Wiguard	2026-02-25	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1.
CVE-2025-68514	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2026-02-25	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8.
CVE-2025-68051	2 Shiprocket, Wordpress	2 Shiprocket, Wordpress	2026-02-25	7.4 High
Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8.

« first previous Page 44 of 559. next last »