Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
6958 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62061 | 2 Implecode, Wordpress | 2 Product Catalog Simple, Wordpress | 2025-10-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in impleCode Product Catalog Simple post-type-x.This issue affects Product Catalog Simple: from n/a through <= 1.8.4. | ||||
| CVE-2025-62060 | 2 Themepoints, Wordpress | 2 Tab Ultimate, Wordpress | 2025-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Tab Ultimate tabs-pro.This issue affects Tab Ultimate: from n/a through <= 1.8. | ||||
| CVE-2025-62058 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0. | ||||
| CVE-2025-62054 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-10-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through <= 4.1.8. | ||||
| CVE-2025-62052 | 2 Horea Radu, Wordpress | 2 One Page Express Companion, Wordpress | 2025-10-23 | 4.3 Medium |
| Missing Authorization vulnerability in Horea Radu One Page Express Companion one-page-express-companion.This issue affects One Page Express Companion: from n/a through <= 1.6.43. | ||||
| CVE-2025-62042 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through <= 5.10.3. | ||||
| CVE-2025-62024 | 2 Jonathanjernigan, Wordpress | 2 Pie Calendar, Wordpress | 2025-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through <= 1.2.9. | ||||
| CVE-2025-62020 | 2 Infomaniak, Wordpress | 2 Vod Infomaniak, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through <= 1.5.11. | ||||
| CVE-2025-60246 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through <= 1.0. | ||||
| CVE-2025-60224 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9. | ||||
| CVE-2025-60222 | 3 Fantasticplugins, Woocommerce, Wordpress | 3 Sumo Memberships For Woocommerce, Woocommerce, Wordpress | 2025-10-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0. | ||||
| CVE-2025-60221 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3. | ||||
| CVE-2025-60220 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0. | ||||
| CVE-2025-60216 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through <= 1.4.2. | ||||
| CVE-2025-60215 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4. | ||||
| CVE-2025-60212 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through <= 4.2. | ||||
| CVE-2025-60211 | 3 Extendons, Woocommerce, Wordpress | 3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress | 2025-10-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3. | ||||
| CVE-2025-60210 | 2 Wordpress, Wpeverest | 2 Wordpress, Everest Forms | 2025-10-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5. | ||||
| CVE-2025-60209 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.6. | ||||
| CVE-2025-60208 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through <= 2.0.9. | ||||