VYPR

Vendor CVEs

WordPress

All CVEs

32,708 total · sorted by risk
  • CVE-2020-29045CriMar 11, 2021
    risk 0.66cvss 9.8epss 0.31

    The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php.

  • CVE-2019-6703CriJan 27, 2019
    risk 0.66cvss 9.8epss 0.26

    Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to…

  • CVE-2018-15877HigAug 26, 2018
    risk 0.66cvss 8.8epss 0.77

    The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

  • CVE-2026-48836CriJun 15, 2026
    risk 0.65cvss 10.0epss 0.01

    Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.

  • CVE-2026-40772CriJun 15, 2026
    risk 0.65cvss 10.0epss 0.00

    Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.

  • CVE-2026-52704CriJun 15, 2026
    risk 0.65cvss 10.0epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8.

  • CVE-2026-49777CriJun 5, 2026
    risk 0.65cvss 10.0epss 0.02

    Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.

  • CVE-2026-45444CriMay 20, 2026
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.

  • CVE-2026-23693CriFeb 23, 2026
    risk 0.65cvss 10.0epss 0.00

    ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied…

  • CVE-2026-1405CriFeb 19, 2026
    risk 0.65cvss 9.8epss 0.03

    The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload…

  • CVE-2025-68001CriJan 22, 2026
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0.

  • CVE-2026-23800CriJan 16, 2026
    risk 0.65cvss 10.0epss 0.00

    Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.

  • CVE-2025-6327CriNov 6, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.

  • CVE-2025-60235CriNov 6, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Support Ticket System for WooCommerce (Premium): from n/a through <=…

  • CVE-2025-60207CriNov 6, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a…

  • CVE-2025-53283CriNov 6, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in borisolhor Drop Uploader for CF7 - Drag&Drop File Uploader Addon drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon allows Upload a Web Shell to a Web Server.This issue affects Drop Uploader for CF7 -…

  • CVE-2025-49372CriNov 6, 2025
    risk 0.65cvss 10.0epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Remote Code Inclusion.This issue affects HAPPY: from n/a through <= 1.0.7.

  • CVE-2025-60206CriOct 22, 2025
    risk 0.65cvss 10.0epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through <= 7.8.3.

  • CVE-2025-58963CriOct 22, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9.

  • CVE-2025-49060CriOct 22, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue affects Wastia: from n/a through < 1.1.3.

  • CVE-2025-48106CriOct 22, 2025
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files.This issue affects Clanora: from n/a through < 1.3.1.

  • CVE-2025-60219CriSep 26, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro wc-designer-pro allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Designer Pro: from n/a through <= 1.9.24.

  • CVE-2025-49387CriAug 28, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop File Upload for Elementor Forms:…

  • CVE-2025-53577CriAug 20, 2025
    risk 0.65cvss 10.0epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS global-dns allows Remote Code Inclusion.This issue affects Global DNS: from n/a through <= 3.1.0.

  • CVE-2025-49410CriAug 20, 2025
    risk 0.65cvss 10.0epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1.

  • CVE-2025-49408CriAug 20, 2025
    risk 0.65cvss 10.0epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7.

  • CVE-2025-25174CriAug 14, 2025
    risk 0.65cvss 10.0epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions beeteam368-extensions allows PHP Local File Inclusion.This issue affects BeeTeam368 Extensions: from n/a through <= 1.9.4.

  • CVE-2025-29009CriJul 16, 2025
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Medical Prescription Attachment…

  • CVE-2025-49414CriJul 4, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Using Malicious Files.This issue affects FW Gallery: from n/a through <= 8.0.0.

  • CVE-2025-49302CriJul 4, 2025
    risk 0.65cvss 10.0epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe easy-stripe allows Remote Code Inclusion.This issue affects Easy Stripe: from n/a through <= 1.1.

  • CVE-2025-30933CriJul 4, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub logistics-hub allows Upload a Web Shell to a Web Server.This issue affects LogisticsHub: from n/a through <= 1.1.6.

  • CVE-2025-6934CriJul 1, 2025
    risk 0.65cvss 9.8epss 0.22

    The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction…

  • CVE-2025-49885CriJun 27, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce:…

  • CVE-2025-49447CriJun 17, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0.

  • CVE-2025-49444CriJun 17, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects Reformer for Elementor: from n/a through <= 1.0.5.

  • CVE-2025-49071CriJun 17, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen flozen-theme allows Upload a Web Shell to a Web Server.This issue affects Flozen: from n/a through < 1.5.1.

  • CVE-2025-32510CriJun 17, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager ova-events-manager allows Using Malicious Files.This issue affects Ovatheme Events Manager: from n/a through <= 1.8.4.

  • CVE-2025-48123CriJun 9, 2025
    risk 0.65cvss 10.0epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code Injection.This issue affects…

  • CVE-2025-32291CriJun 9, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files.This issue affects SUMO Affiliates Pro: from n/a through < 11.1.0.

  • CVE-2025-47687CriMay 23, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.

  • CVE-2025-47646CriMay 23, 2025
    risk 0.65cvss 9.8epss 0.22

    Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration psw-login-and-registration allows Password Recovery Exploitation.This issue affects PSW Front-end Login & Registration: from n/a through <= 1.13.

  • CVE-2025-47642CriMay 23, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.5.

  • CVE-2025-47641CriMay 23, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Upload a Web Shell to a Web Server.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a…

  • CVE-2025-47637CriMay 23, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS staggs allows Upload a Web Shell to a Web Server.This issue affects STAGGS: from n/a through <= 2.11.0.

  • CVE-2025-4322CriMay 20, 2025
    risk 0.65cvss 9.8epss 0.18

    The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated…

  • CVE-2025-39401CriMay 19, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023).

  • CVE-2025-39380CriMay 19, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through <= 47.0(20-11-2023).

  • CVE-2025-47577CriMay 19, 2025
    risk 0.65cvss 10.0epss 0.05

    Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.9.2.

  • CVE-2025-32660CriApr 17, 2025
    risk 0.65cvss 10.0epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through <= 2.0.2.

  • CVE-2025-32583CriApr 17, 2025
    risk 0.65cvss 9.9epss 0.13

    Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion.This issue affects PDF 2 Post: from n/a through <= 2.4.0.

Page 5 of 655