Vendor CVEs
WordPress
All CVEs
33,183 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-69126 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. | |||
| CVE-2025-69123 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. | |||
| CVE-2025-69120 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. | |||
| CVE-2025-69115 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions. | |||
| CVE-2025-69111 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. | |||
| CVE-2025-69106 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions. | |||
| CVE-2025-68524 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions. | |||
| CVE-2025-59554 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. | |||
| CVE-2025-15657 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions. | |||
| CVE-2026-54193 | 0.00 | — | 0.00 | Jun 17, 2026 | Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions. | |||
| CVE-2024-37496 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. | |||
| CVE-2024-37210 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. | |||
| CVE-2024-35690 | 0.00 | — | 0.00 | Jun 17, 2026 | Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1. | |||
| CVE-2024-35648 | 0.00 | — | 0.00 | Jun 17, 2026 | Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0. | |||
| CVE-2024-33909 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1. | |||
| CVE-2024-32949 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8. | |||
| CVE-2024-32729 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8. | |||
| CVE-2024-24709 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11. | |||
| CVE-2025-31013 | 0.00 | — | 0.00 | Jun 17, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6. | |||
| CVE-2024-31435 | 0.00 | — | 0.00 | Jun 17, 2026 | : Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6. | |||
| CVE-2024-33685 | 0.00 | — | 0.00 | Jun 17, 2026 | Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1. | |||
| CVE-2024-34810 | 0.00 | — | 0.00 | Jun 17, 2026 | Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10. | |||
| CVE-2026-54811 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in WP eMember < v10.9.4 versions. | |||
| CVE-2026-54807 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. | |||
| CVE-2026-54806 | 0.00 | — | 0.01 | Jun 17, 2026 | Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions. | |||
| CVE-2026-54805 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions. | |||
| CVE-2026-54804 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions. | |||
| CVE-2026-54803 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions. | |||
| CVE-2026-54802 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. | |||
| CVE-2026-54196 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions. | |||
| CVE-2026-54195 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions. | |||
| CVE-2026-54192 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions. | |||
| CVE-2026-54189 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | |||
| CVE-2026-54188 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | |||
| CVE-2026-54187 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. | |||
| CVE-2026-54186 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions. | |||
| CVE-2026-54185 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber SQL Injection in Cornerstone < 7.8.8 versions. | |||
| CVE-2026-54184 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | |||
| CVE-2026-52706 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. | |||
| CVE-2026-52705 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | |||
| CVE-2026-52698 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions. | |||
| CVE-2026-52696 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions. | |||
| CVE-2026-49778 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | |||
| CVE-2026-49767 | 0.00 | — | 0.01 | Jun 17, 2026 | Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions. | |||
| CVE-2026-49107 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions. | |||
| CVE-2026-49084 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. | |||
| CVE-2026-49081 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions. | |||
| CVE-2026-49079 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | |||
| CVE-2026-49076 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. | |||
| CVE-2026-49075 | 0.00 | — | 0.00 | Jun 17, 2026 | Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. |
- CVE-2025-69126Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.
- CVE-2025-69123Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.
- CVE-2025-69120Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
- CVE-2025-69115Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
- CVE-2025-69111Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
- CVE-2025-69106Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
- CVE-2025-68524Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.
- CVE-2025-59554Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
- CVE-2025-15657Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
- CVE-2026-54193Jun 17, 2026risk 0.00cvss —epss 0.00
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
- CVE-2024-37496Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7.
- CVE-2024-37210Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.
- CVE-2024-35690Jun 17, 2026risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.
- CVE-2024-35648Jun 17, 2026risk 0.00cvss —epss 0.00
Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0.
- CVE-2024-33909Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
- CVE-2024-32949Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
- CVE-2024-32729Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
- CVE-2024-24709Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
- CVE-2025-31013Jun 17, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issue affects Themify Folo: from n/a through 1.9.6.
- CVE-2024-31435Jun 17, 2026risk 0.00cvss —epss 0.00
: Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.6.
- CVE-2024-33685Jun 17, 2026risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Jegstudio Startupzy startupzy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Startupzy: from n/a through 1.1.1.
- CVE-2024-34810Jun 17, 2026risk 0.00cvss —epss 0.00
Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.
- CVE-2026-54811Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
- CVE-2026-54807Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
- CVE-2026-54806Jun 17, 2026risk 0.00cvss —epss 0.01
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
- CVE-2026-54805Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
- CVE-2026-54804Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
- CVE-2026-54803Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
- CVE-2026-54802Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
- CVE-2026-54196Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
- CVE-2026-54195Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
- CVE-2026-54192Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
- CVE-2026-54189Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
- CVE-2026-54188Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
- CVE-2026-54187Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
- CVE-2026-54186Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
- CVE-2026-54185Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
- CVE-2026-54184Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
- CVE-2026-52706Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
- CVE-2026-52705Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
- CVE-2026-52698Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.
- CVE-2026-52696Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
- CVE-2026-49778Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
- CVE-2026-49767Jun 17, 2026risk 0.00cvss —epss 0.01
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
- CVE-2026-49107Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
- CVE-2026-49084Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
- CVE-2026-49081Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
- CVE-2026-49079Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
- CVE-2026-49076Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
- CVE-2026-49075Jun 17, 2026risk 0.00cvss —epss 0.00
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
Page 646 of 664