E-plugins CVEs and Security Vulnerabilities

Filtered by vendor E-plugins Subscriptions

Search

Switch to Advanced Search (Beta)

Total 26 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-27396	2 E-plugins, Wordpress	2 Directory Pro, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
CVE-2026-28127	2 E-plugins, Wordpress	2 Lawyer Directory, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directory: from n/a through <= 1.3.2.
CVE-2025-67966	2 E-plugins, Wordpress	2 Lawyer Directory, Wordpress	2026-04-15	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through <= 1.3.3.
CVE-2025-69181	2 E-plugins, Wordpress	2 Lawyer Directory, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.
CVE-2025-69182	2 E-plugins, Wordpress	2 Institutions Directory, Wordpress	2026-04-15	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4.
CVE-2025-69193	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-58638	2 E-plugins, Wordpress	2 Institutions Directory, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS.This issue affects Institutions Directory: from n/a through <= 1.3.3.
CVE-2025-69293	2 E-plugins, Wordpress	2 Final User, Wordpress	2026-04-15	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2025-68058	2 E-plugins, Wordpress	2 Institutions Directory, Wordpress	2026-04-15	7.6 High
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.
CVE-2025-69292	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2026-04-15	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-69192	2 E-plugins, Wordpress	2 Real Estate Pro, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.
CVE-2025-69184	2 E-plugins, Wordpress	2 Institutions Directory, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.
CVE-2025-54717	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.3.
CVE-2025-64243	2 E-plugins, Wordpress	2 Directory Pro, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
CVE-2025-13504	2 E-plugins, Wordpress	2 Real Estate Pro, Wordpress	2026-04-15	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS.This issue affects Real Estate Pro: from n/a through <= 2.1.4.
CVE-2025-52748	2 E-plugins, Wordpress	2 Directory Pro, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Directory Pro directory-pro allows Reflected XSS.This issue affects Directory Pro: from n/a through <= 2.5.5.
CVE-2025-67967	2 E-plugins, Wordpress	2 Lawyer Directory, Wordpress	2026-04-15	7.6 High
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.
CVE-2025-57948	2 E-plugins, Wordpress	2 Directory Pro, Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Directory Pro directory-pro allows DOM-Based XSS.This issue affects Directory Pro: from n/a through <= 2.5.5.
CVE-2025-68057	2 E-plugins, Wordpress	2 Hospital & Doctor Directory, Wordpress	2026-04-15	7.6 High
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2024-10547	1 E-plugins	1 Wp Membership	2026-04-15	9.8 Critical
The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Page 1 of 2. next last »