Search
Search Results (13963 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25437 | 2 Cherryframework, Wordpress | 2 Cherry Framework Themes, Wordpress | 2026-06-23 | 7.5 High |
| WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can directly access the download_backup.php script in the admin/data_management directory to obtain ZIP archives containing the entire wp-content/themes directory contents. | ||||
| CVE-2026-49062 | 2 Wordpress, Wp Engine | 2 Wordpress, Faust.js | 2026-06-23 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7. | ||||
| CVE-2026-49064 | 2 Stiofan, Wordpress | 2 Getpaid, Wordpress | 2026-06-23 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49. | ||||
| CVE-2025-15658 | 2 Rewish, Wordpress | 2 Wp Emmet, Wordpress | 2026-06-23 | 5.9 Medium |
| Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions. | ||||
| CVE-2025-15659 | 2 Liseperu, Wordpress | 2 Elizaibots, Wordpress | 2026-06-23 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions. | ||||
| CVE-2025-60175 | 2 Vynnus, Wordpress | 2 Popad, Wordpress | 2026-06-23 | 4.4 Medium |
| Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions. | ||||
| CVE-2025-68049 | 2 Bunny.net, Wordpress | 2 Bunny.net, Wordpress | 2026-06-23 | 6.3 Medium |
| Subscriber Broken Access Control in bunny.net <= 2.3.6 versions. | ||||
| CVE-2025-68840 | 2 Markbeljaars, Wordpress | 2 Irobots.txt Seo, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions. | ||||
| CVE-2025-68851 | 2 Arrayhq, Wordpress | 2 Okay Toolkit, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions. | ||||
| CVE-2025-68872 | 2 Eli, Wordpress | 2 Eli's Wordcents Adsense Widget With Analytics, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions. | ||||
| CVE-2025-69332 | 2 Mycred, Wordpress | 2 Bookify, Wordpress | 2026-06-23 | 6.5 Medium |
| Subscriber Broken Access Control in Bookify <= 1.1.1 versions. | ||||
| CVE-2026-25425 | 2 Themegrill, Wordpress | 2 User Registration, Wordpress | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. | ||||
| CVE-2026-34898 | 2 Wordpress, Wp Swings | 2 Wordpress, Event Tickets Manager For Woocommerce | 2026-06-23 | 7.5 High |
| Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions. | ||||
| CVE-2026-34901 | 2 Paul, Wordpress | 2 Icontrolwp, Wordpress | 2026-06-23 | 9.8 Critical |
| Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. | ||||
| CVE-2026-39441 | 2 Naked Cat Plugins (by Webdados), Wordpress | 2 Feed Kuantokusta For Woocommerce – Free, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions. | ||||
| CVE-2026-39468 | 2 Elightup, Wordpress | 2 Meta Box – Wordpress Custom Fields Framework, Wordpress | 2026-06-23 | 6.8 Medium |
| Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions. | ||||
| CVE-2026-39492 | 2 Flipper Code – Wordpress Development Company, Wordpress | 2 Wp Maps, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions. | ||||
| CVE-2026-39498 | 2 Wordpress, Yeeaddons | 2 Wordpress, Yaymail | 2026-06-23 | 7.2 High |
| Shop manager PHP Object Injection in YayMail <= 4.3.3 versions. | ||||
| CVE-2026-39507 | 2 Themeisle, Wordpress | 2 Social Slider Feed, Wordpress | 2026-06-23 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions. | ||||
| CVE-2026-39511 | 2 Jacob N. Breetvelt, Wordpress | 2 Wp Photo Album Plus, Wordpress | 2026-06-23 | 9.3 Critical |
| Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions. | ||||