Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11918 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39619 | 2 Priyanshumittal, Wordpress | 2 Busiprof, Wordpress | 2026-04-24 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2. | ||||
| CVE-2026-39608 | 2 Ipospays, Wordpress | 2 Ipospays Gateways Wc, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7. | ||||
| CVE-2026-39611 | 2 Kutethemes, Wordpress | 2 Kuteshop, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through <= 4.2.9. | ||||
| CVE-2026-39623 | 2 Kutethemes, Wordpress | 2 Biolife, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects Biolife: from n/a through <= 3.2.3. | ||||
| CVE-2026-39610 | 2 Pankaj Kumar, Wordpress | 2 Wpxmas-snow, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1. | ||||
| CVE-2026-39615 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53. | ||||
| CVE-2026-39625 | 2 Kutethemes, Wordpress | 2 Techone, Wordpress | 2026-04-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through <= 3.0.3. | ||||
| CVE-2026-39621 | 2 Spicethemes, Wordpress | 2 Spicepress, Wordpress | 2026-04-24 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= 2.3.2.5. | ||||
| CVE-2026-39613 | 2 Kutethemes, Wordpress | 2 Boutique, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through <= 2.3.3. | ||||
| CVE-2026-39620 | 2 Priyanshumittal, Wordpress | 2 Appointment, Wordpress | 2026-04-24 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5. | ||||
| CVE-2026-39606 | 2 Foysal Imran, Wordpress | 2 Bizreview, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13. | ||||
| CVE-2026-39604 | 2 Wordpress, Zookatron | 2 Wordpress, Mybooktable Bookstore | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0. | ||||
| CVE-2026-39607 | 2 Wordpress, Wpbens | 2 Wordpress, Filter Plus | 2026-04-24 | 5.4 Medium |
| Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.17. | ||||
| CVE-2026-39622 | 2 Acmethemes, Wordpress | 2 Education Base, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8. | ||||
| CVE-2026-39617 | 2 Priyanshumittal, Wordpress | 2 Bluestreet, Wordpress | 2026-04-24 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3. | ||||
| CVE-2026-39634 | 2 Themegoods, Wordpress | 2 Grand Portfolio, Wordpress | 2026-04-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3. | ||||
| CVE-2026-39649 | 2 Themebeez, Wordpress | 2 Royale News, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2.4. | ||||
| CVE-2026-39646 | 2 Bozdoz, Wordpress | 2 Leaflet Map, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4. | ||||
| CVE-2026-39629 | 2 Kutethemes, Wordpress | 2 Uminex, Wordpress | 2026-04-24 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through <= 1.0.9. | ||||
| CVE-2026-39643 | 2 Payment Plugins, Wordpress | 2 Payment Plugins For Paypal Woocommerce, Wordpress | 2026-04-24 | 5.3 Medium |
| Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Plugins for PayPal WooCommerce: from n/a through <= 2.0.13. | ||||