VYPR

Vendor CVEs

WordPress

All CVEs

33,183 total · sorted by risk
  • CVE-2026-8732CriMay 29, 2026
    risk 0.64cvss 9.8epss 0.09

    The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce…

  • CVE-2026-42758CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.

  • CVE-2026-42757CriMay 27, 2026
    risk 0.64cvss 9.9epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253.

  • CVE-2026-42756CriMay 27, 2026
    risk 0.64cvss 9.9epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize…

  • CVE-2026-42748CriMay 27, 2026
    risk 0.64cvss 9.9epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.1.

  • CVE-2026-42731CriMay 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9.

  • CVE-2026-6960CriMay 21, 2026
    risk 0.64cvss 9.8epss 0.01

    The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated…

  • CVE-2026-5118CriMay 21, 2026
    risk 0.64cvss 9.8epss 0.00

    The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's…

  • CVE-2026-6279CriMay 21, 2026
    risk 0.64cvss 9.8epss 0.02

    The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp_conditional_tags` case in `Fusion_Builder_Conditional_Render_Helper::get_value(…

  • CVE-2026-7637CriMay 20, 2026
    risk 0.64cvss 9.8epss 0.01

    The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known…

  • CVE-2026-6555CriMay 20, 2026
    risk 0.64cvss 9.8epss 0.01

    The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in the upload array undergoes extension and MIME type validation, while all files…

  • CVE-2026-8495CriMay 19, 2026
    risk 0.64cvss 9.8epss 0.00

    Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.

  • CVE-2026-4883CriMay 19, 2026
    risk 0.64cvss 9.8epss 0.01

    The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks…

  • CVE-2026-4885CriMay 19, 2026
    risk 0.64cvss 9.8epss 0.01

    The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only…

  • CVE-2018-25335CriMay 17, 2026
    risk 0.64cvss 9.8epss 0.01

    WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name'…

  • CVE-2021-47965CriMay 15, 2026
    risk 0.64cvss 9.8epss 0.01

    WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to…

  • CVE-2026-6510CriMay 14, 2026
    risk 0.64cvss 9.8epss 0.00

    The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. This makes it possible for…

  • CVE-2026-8181CriMay 14, 2026
    risk 0.64cvss 9.8epss 0.15

    The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when…

  • CVE-2021-47940CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.00

    WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint…

  • CVE-2021-47933CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.01

    WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to…

  • CVE-2021-47932CriMay 10, 2026
    risk 0.64cvss 9.8epss 0.00

    WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcp_register_and_login_ajax action…

  • CVE-2025-13618CriMay 5, 2026
    risk 0.64cvss 9.8epss 0.00

    The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it…

  • CVE-2026-5722CriMay 5, 2026
    risk 0.64cvss 9.8epss 0.00

    The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or regenerating verification tokens when the customer email address is changed. This…

  • CVE-2026-4882CriMay 2, 2026
    risk 0.64cvss 9.8epss 0.01

    The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to…

  • CVE-2026-6235CriApr 22, 2026
    risk 0.64cvss 9.8epss 0.01

    The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This…

  • CVE-2026-6443CriApr 17, 2026
    risk 0.64cvss 9.8epss 0.01

    All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to…

  • CVE-2026-3596CriApr 16, 2026
    risk 0.64cvss 9.8epss 0.01

    The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This…

  • CVE-2026-3461CriApr 15, 2026
    risk 0.64cvss 9.8epss 0.00

    The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address…

  • CVE-2026-34424CriApr 9, 2026
    risk 0.64cvss 9.8epss 0.01

    Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote…

  • CVE-2026-3535CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.01

    The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, and including, 1.1. The function is exposed via a `wp_ajax_nopriv_` hook,…

  • CVE-2026-4003CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.01

    The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspn_ajax_nopriv_server() function within the…

  • CVE-2026-3300CriMar 31, 2026
    risk 0.64cvss 9.8epss 0.41

    The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code…

  • CVE-2026-25429CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through <= 1.1.1.

  • CVE-2026-4001CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.01

    The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to…

  • CVE-2026-4038CriMar 20, 2026
    risk 0.64cvss 9.8epss 0.00

    The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for…

  • CVE-2026-25449CriMar 18, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler allows Object Injection.This issue affects Traveler: from n/a through < 3.2.8.1.

  • CVE-2026-2631CriMar 11, 2026
    risk 0.64cvss 9.8epss 0.01

    The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication in a protected endpoint that…

  • CVE-2026-0953CriMar 10, 2026
    risk 0.64cvss 9.8epss 0.01

    The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the…

  • CVE-2026-2446CriMar 6, 2026
    risk 0.64cvss 9.8epss 0.00

    The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as default_role etc) and create arbitrary admin users

  • CVE-2026-28043CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion.This issue affects Healer - Doctor, Clinic & Medical…

  • CVE-2026-27389CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1.

  • CVE-2026-22390CriMar 5, 2026
    risk 0.64cvss 9.9epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.

  • CVE-2026-2628CriMar 3, 2026
    risk 0.64cvss 9.8epss 0.01

    The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users,…

  • CVE-2025-12981CriFeb 27, 2026
    risk 0.64cvss 9.8epss 0.01

    The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This…

  • CVE-2026-23549CriFeb 19, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.

  • CVE-2025-13851CriFeb 19, 2026
    risk 0.64cvss 9.8epss 0.00

    The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user role during registration via the REST…

  • CVE-2025-13563CriFeb 19, 2026
    risk 0.64cvss 9.8epss 0.00

    The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for…

  • CVE-2025-12882CriFeb 19, 2026
    risk 0.64cvss 9.8epss 0.00

    The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' parameter. This makes it…

  • CVE-2025-14892CriFeb 12, 2026
    risk 0.64cvss 9.8epss 0.00

    The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.

  • CVE-2026-1729CriFeb 12, 2026
    risk 0.64cvss 9.8epss 0.01

    The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it…

Page 10 of 664