Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
12081 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27986 | 2 Themerex, Wordpress | 2 Ostende, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX OsTende ostende allows PHP Local File Inclusion.This issue affects OsTende: from n/a through <= 1.4.3. | ||||
| CVE-2026-27985 | 2 Themerex, Wordpress | 2 Humanum, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Humanum: from n/a through <= 1.1.4. | ||||
| CVE-2026-27984 | 2 Marketingfire, Wordpress | 2 Widget-options, Wordpress | 2026-04-22 | 9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through <= 4.1.3. | ||||
| CVE-2026-27983 | 2 Designthemes, Wordpress | 2 Lms Elementor Pro, Wordpress | 2026-04-22 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4. | ||||
| CVE-2026-27438 | 2 Themerex, Wordpress | 2 Kingler, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7. | ||||
| CVE-2026-27437 | 2 Themerex, Wordpress | 2 Tennis Club, Wordpress | 2026-04-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3. | ||||
| CVE-2026-27396 | 2 E-plugins, Wordpress | 2 Directory Pro, Wordpress | 2026-04-22 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6. | ||||
| CVE-2026-27390 | 2 Designthemes, Wordpress | 2 Wedesigntech Ultimate Booking Addon, Wordpress | 2026-04-22 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | ||||
| CVE-2026-27389 | 2 Designthemes, Wordpress | 2 Wedesigntech Ultimate Booking Addon, Wordpress | 2026-04-22 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | ||||
| CVE-2026-27388 | 2 Designthemes, Wordpress | 2 Designthemes Booking Manager, Wordpress | 2026-04-22 | 7.5 High |
| Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Booking Manager: from n/a through <= 2.0. | ||||
| CVE-2026-27384 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-04-22 | 9 Critical |
| Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1. | ||||
| CVE-2026-27383 | 2 Radiustheme, Wordpress | 2 Metro, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metro: from n/a through <= 2.13. | ||||
| CVE-2026-27376 | 2 Janstudio, Wordpress | 2 Claue - Clean, Minimal Elementor Woocommerce Theme, Wordpress | 2026-04-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7. | ||||
| CVE-2026-27375 | 2 Janstudio, Wordpress | 2 Gecko, Wordpress | 2026-04-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8. | ||||
| CVE-2026-27374 | 2 Vanquish, Wordpress | 2 Woocommerce Order Details, Wordpress | 2026-04-22 | 7.5 High |
| Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Order Details: from n/a through <= 3.1. | ||||
| CVE-2026-27369 | 2 Boldthemes, Wordpress | 2 Celeste, Wordpress | 2026-04-22 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6. | ||||
| CVE-2026-27363 | 2 Kamleshyadav, Wordpress | 2 Wp Bakery Autoresponder Addon, Wordpress | 2026-04-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6. | ||||
| CVE-2026-27361 | 2 Webcodingplace, Wordpress | 2 Responsive Posts Carousel Pro, Wordpress | 2026-04-22 | 7.5 High |
| Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1. | ||||
| CVE-2026-27353 | 2 Themegoods, Wordpress | 2 Grand News, Wordpress | 2026-04-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through <= 3.4.3. | ||||
| CVE-2026-27342 | 2 Mikado-themes, Wordpress | 2 Topfit - Fitness And Gym Wordpress Theme, Wordpress | 2026-04-22 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through <= 1.9. | ||||