Filtered by vendor Wordpress Subscriptions
Total 13785 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-32380 2 Raratheme, Wordpress 2 Numinous, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through <= 1.3.0.
CVE-2026-32366 2 Robfelty, Wordpress 2 Collapsing Categories, Wordpress 2026-04-22 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9.
CVE-2026-32355 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-04-22 8.8 High
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.
CVE-2026-32338 2 Rarathemes, Wordpress 2 Construction Landing Page, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1.
CVE-2026-32335 2 Rarathemes, Wordpress 2 The Conference, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5.
CVE-2026-32426 2 Themelexus, Wordpress 2 Medilazar Core, Wordpress 2026-04-22 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through < 1.4.7.
CVE-2026-32344 2 Desertthemes, Wordpress 2 Corpiva, Wordpress 2026-04-22 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96.
CVE-2026-32452 2 Themefusion, Wordpress 2 Fusion Builder, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.
CVE-2026-32384 2 Magepeopleteam, Wordpress 2 Wpbookingly, Wordpress 2026-04-22 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion.This issue affects WpBookingly: from n/a through <= 1.2.9.
CVE-2026-32460 2 Themefic, Wordpress 2 Ultimate Addons For Contact Form 7, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.
CVE-2026-31918 2 Immonex, Wordpress 2 Immonex Kickstart, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS.This issue affects immonex Kickstart: from n/a through <= 1.13.0.
CVE-2026-32454 2 Theme-fusion, Wordpress 2 Avada, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0.
CVE-2026-32379 2 Raratheme, Wordpress 2 Rara Academic, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through <= 1.2.2.
CVE-2026-32393 2 Creatives Planet, Wordpress 2 Greenly Theme Addons, Wordpress 2026-04-22 7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.
CVE-2026-32431 2 Brainstorm Force, Wordpress 2 Astra Bulk Edit, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10.
CVE-2026-32486 2 Wordpress, Wptravelengine 2 Wordpress, Travel Booking 2026-04-22 5.3 Medium
Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9.
CVE-2026-32328 2 Shufflehound, Wordpress 2 Lemmony, Wordpress 2026-04-22 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in shufflehound Lemmony lemmony allows Cross Site Request Forgery.This issue affects Lemmony: from n/a through < 1.7.1.
CVE-2026-32543 2 Cyberchimps, Wordpress 2 Responsive Blocks, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0.
CVE-2026-32337 2 Rarathemes, Wordpress 2 Preschool And Kindergarten, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5.
CVE-2026-32349 2 Andy Fragen, Wordpress 2 Embed Pdf Viewer, Wordpress 2026-04-22 4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through <= 2.4.7.