Wordpress.com Editing Toolkit CVEs and Security Vulnerabilities

Search

Expected end of text, found '.' (at char 39), (line:1, col:40)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (316297 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64290	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more	2025-10-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
CVE-2025-64289	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more	2025-10-30	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
CVE-2025-64285	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Wholesale Pricing For Woocommerce, Woocommerce and 1 more	2025-10-30	5.4 Medium
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
CVE-2025-64284	2 Majesticsupport, Wordpress	2 Majestic Support, Wordpress	2025-10-30	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through <= 1.1.1.
CVE-2025-64283	1 Wordpress	1 Wordpress	2025-10-30	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.
CVE-2025-64234	2 Evergreencontentposter, Wordpress	2 Evergreen Content Poster, Wordpress	2025-10-30	4.3 Medium
Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Evergreen Content Poster: from n/a through <= 1.4.5.
CVE-2025-64229	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2025-10-30	4.3 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7.
CVE-2025-64228	2 Fantasticplugins, Wordpress	2 Sumo Affiliates Pro, Wordpress	2025-10-30	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0.
CVE-2025-64220	1 Wordpress	1 Wordpress	2025-10-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.
CVE-2025-64216	2 Themesphere, Wordpress	2 Smartmag, Wordpress	2025-10-30	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from n/a through <= 10.3.0.
CVE-2025-64210	2 Stylemixthemes, Wordpress	2 Masterstudy Elementor Widgets, Wordpress	2025-10-30	5.4 Medium
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4.
CVE-2025-64204	2 Themesphere, Wordpress	2 Smartmag, Wordpress	2025-10-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through <= 10.3.1.
CVE-2025-64201	2 Blubrry, Wordpress	2 Powerpress Podcasting, Wordpress	2025-10-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.13.12.
CVE-2025-64200	3 Villatheme, Woocommerce, Wordpress	3 Woocommerce Email Template Customizer, Woocommerce, Wordpress	2025-10-30	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17.
CVE-2025-64197	2 Sizam Design, Wordpress	2 Rehub, Wordpress	2025-10-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1.
CVE-2025-64150	1 Jenkins	1 Jenkins	2025-10-30	5.4 Medium
A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2025-64144	1 Jenkins	1 Jenkins	2025-10-30	4.3 Medium
Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.
CVE-2025-64141	1 Jenkins	1 Jenkins	2025-10-30	4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2025-64103	1 Zitadel	1 Zitadel	2025-10-30	N/A
Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as well and not require multiple factors. Bypassing second authentication factors weakens multifactor authentication and enables attackers to bypass the more secure factor. An attacker can target the TOTP code alone, only six digits, bypassing password verification entirely and potentially compromising accounts with 2FA enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18.
CVE-2025-64140	1 Jenkins	2 Azure Cli, Jenkins	2025-10-30	8.8 High
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.

« first previous Page 18 of 15815. next last »