Filtered by vendor Wordpress
Subscriptions
Total
5584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31432 | 2 Chop-chop, Wordpress | 2 Pop-up Chop Chop, Wordpress | 2025-07-13 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Chop Chop Pop-Up Chop Chop allows PHP Local File Inclusion. This issue affects Pop-Up Chop Chop: from n/a through 2.1.7. | ||||
| CVE-2025-31539 | 2 Blocksera, Wordpress | 2 Cryptocurrency Widgets Pack, Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through 2.0.1. | ||||
| CVE-2025-31628 | 2 Slicedinvoices, Wordpress | 2 Sliced Invoices, Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4. | ||||
| CVE-2025-31847 | 2 Themelooks, Wordpress | 2 Mfolio Lite, Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks mFolio Lite allows DOM-Based XSS. This issue affects mFolio Lite: from n/a through 1.2.2. | ||||
| CVE-2025-31910 | 2 Reputeinfosystems, Wordpress | 2 Bookingpress, Wordpress | 2025-07-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. | ||||
| CVE-2025-32134 | 2 Kaizencoders, Wordpress | 2 Url Shortify, Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify allows Stored XSS. This issue affects URL Shortify: from n/a through 1.10.4. | ||||
| CVE-2025-32138 | 2 Supsystic, Wordpress | 2 Easy Google Maps, Wordpress | 2025-07-13 | 6.6 Medium |
| Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17. | ||||
| CVE-2025-32143 | 2 Pickplugins, Wordpress | 2 Accordion, Wordpress | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10. | ||||
| CVE-2025-32179 | 2 Icopydoc, Wordpress | 2 Maps For Wp, Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP allows Stored XSS. This issue affects Maps for WP: from n/a through 1.2.4. | ||||
| CVE-2025-32204 | 2 Rocketelements, Wordpress | 2 Split Test For Elementor, Wordpress | 2025-07-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor allows SQL Injection. This issue affects Split Test For Elementor: from n/a through 1.8.2. | ||||
| CVE-2025-32531 | 2 Tychesoftwares, Wordpress | 2 Arconix Faq, Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix FAQ allows Reflected XSS. This issue affects Arconix FAQ: from n/a through 1.9.5. | ||||
| CVE-2025-32626 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2025-07-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager allows SQL Injection. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2025-3917 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-49303 | 2 Dynamiapps, Wordpress | 2 Frontend Admin, Wordpress | 2025-07-13 | 6.8 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Path Traversal. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.7. | ||||
| CVE-2025-4406 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-9374 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.1 Medium |
| The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-10084 | 2 Sevenspark, Wordpress | 2 Contact Form 7 - Dynamic Text Extension, Wordpress | 2025-07-13 | 4.3 Medium |
| The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own. | ||||
| CVE-2025-23883 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Stray Random Quotes allows Reflected XSS. This issue affects Stray Random Quotes: from n/a through 1.9.9. | ||||
| CVE-2025-25105 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1. | ||||
| CVE-2024-51834 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luzuk Luzuk Slider allows Stored XSS.This issue affects Luzuk Slider: from n/a through 0.1.5. | ||||