CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Total 9069 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-49364	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion.This issue affects Ludos Paradise: from n/a through <= 2.1.3.
CVE-2025-57897	1 Wordpress	1 Wordpress	2025-12-19	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in venusweb Logtik logtik allows Reflected XSS.This issue affects Logtik: from n/a through <= 2.3.
CVE-2025-49365	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This issue affects Jack Well: from n/a through <= 1.0.14.
CVE-2025-58710	1 Wordpress	1 Wordpress	2025-12-19	8.6 High
Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0.
CVE-2025-49369	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lettuce lettuce allows PHP Local File Inclusion.This issue affects Lettuce: from n/a through <= 1.1.7.
CVE-2025-49919	2 Wordpress, Wpcenter	2 Wordpress, Eroom	2025-12-19	5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in WPCenter eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.
CVE-2025-55707	2 Wordpress, Wpxpo	2 Wordpress, Postx	2025-12-19	7.2 High
Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35.
CVE-2025-53433	1 Wordpress	1 Wordpress	2025-12-19	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes EasyEat easyeat allows PHP Local File Inclusion.This issue affects EasyEat: from n/a through <= 1.9.0.
CVE-2025-49360	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion.This issue affects Militarology: from n/a through <= 1.0.15.
CVE-2025-14314	1 Wordpress	1 Wordpress	2025-12-19	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through <= 2.1.5.
CVE-2025-54743	2 Mkscripts, Wordpress	2 Download After Email, Wordpress	2025-12-19	5.3 Medium
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6.
CVE-2025-53429	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Exit Game exit-game allows PHP Local File Inclusion.This issue affects Exit Game: from n/a through <= 1.4.3.
CVE-2025-13498	2 Codename065, Wordpress	2 Download Manager Plugin, Wordpress	2025-12-19	4.3 Medium
The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the `wpdm_media_access` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve passwords and access control settings for protected media attachments, which can then be used to bypass the intended media protection and download restricted files.
CVE-2025-54723	1 Wordpress	1 Wordpress	2025-12-19	9.8 Critical
Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3.
CVE-2025-53436	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Monki monki allows PHP Local File Inclusion.This issue affects Monki: from n/a through <= 2.0.4.
CVE-2025-49918	2 Vikwp, Wordpress	2 Vikbooking Hotel Booking Engine & Pms, Wordpress	2025-12-19	5.9 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.
CVE-2025-49368	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Palladio palladio allows PHP Local File Inclusion.This issue affects Palladio: from n/a through <= 1.1.10.
CVE-2025-49361	1 Wordpress	1 Wordpress	2025-12-19	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion.This issue affects Mamita: from n/a through <= 1.0.9.
CVE-2025-54745	2 Miniorange, Wordpress	2 Google Authenticator, Wordpress	2025-12-19	6.5 Medium
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1.
CVE-2025-60072	1 Wordpress	1 Wordpress	2025-12-19	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scroll anchor-smooth-scroll allows PHP Local File Inclusion.This issue affects Anchor smooth scroll: from n/a through <= 1.0.2.

« first previous Page 54 of 454. next last »