Vulnerabilities in A WP Life
20 resultsCVE-2025-68526HIGHWordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-39589CRITICALWordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerabilityEPSS 0.4%CVE-2024-5059MEDIUMWordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerabilityEPSS 0.4%CVE-2024-34377MEDIUMWordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-35720MEDIUMWordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-35717MEDIUMWordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-35722MEDIUMWordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-35721MEDIUMWordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-34754MEDIUMWordPress Contact Form Widget plugin <= 1.3.9 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2026-22345HIGHWordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2026-22346HIGHWordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerabilityEPSS 0.3%CVE-2023-47525MEDIUMWordPress Event Management Tickets Booking Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)EPSS 0.3%CVE-2023-23646MEDIUMWordPress Album Gallery – WordPress Gallery Plugin <= 1.4.9 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2025-49902MEDIUMWordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-47491HIGHWordPress Contact Form Widget plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.2%CVE-2026-39517MEDIUMWordPress Blog Filter plugin <= 1.7.6 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-39548HIGHWordPress Right Click Disable OR Ban plugin <= 1.1.17 - CSRF to Stored XSS vulnerabilityEPSS 0.2%CVE-2024-48037MEDIUMWordPress Contact Form Widget plugin <= 1.4.2 - CSRF vulnerabilityEPSS 0.2%CVE-2025-69033MEDIUMWordPress Blog Filter plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-62134MEDIUMWordPress Contact Form Widget plugin <= 1.5.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%