Filtered by vendor Wordpress
Subscriptions
Total
5584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29914 | 2 Motopress, Wordpress | 2 Stratum, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MotoPress Stratum allows Stored XSS.This issue affects Stratum: from n/a through 1.3.15. | ||||
| CVE-2022-4965 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.1 Medium |
| The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘target_id’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-23447 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Smooth Dynamic Slider allows Reflected XSS. This issue affects Smooth Dynamic Slider: from n/a through 1.0. | ||||
| CVE-2024-34442 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4. | ||||
| CVE-2025-32290 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky HTML5 Music Player allows SQL Injection. This issue affects Sticky HTML5 Music Player: from n/a through 3.1.6. | ||||
| CVE-2025-48328 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0. | ||||
| CVE-2024-38700 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in realmag777 WPCS allows Code Injection.This issue affects WPCS: from n/a through 1.2.0.3. | ||||
| CVE-2025-22540 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through 1.4.1. | ||||
| CVE-2025-30764 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football Pool allows Cross Site Request Forgery. This issue affects Football Pool: from n/a through 2.12.2. | ||||
| CVE-2024-11776 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-28952 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a through 3.2.1. | ||||
| CVE-2025-47683 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7. | ||||
| CVE-2025-31430 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1. | ||||
| CVE-2024-52466 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Events allows Reflected XSS.This issue affects Explara Events: from n/a through 0.1.3. | ||||
| CVE-2025-30914 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery. This issue affects Metform: from n/a through 3.9.2. | ||||
| CVE-2025-30522 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design allows Stored XSS. This issue affects Contact Form 7 Material Design: from n/a through 1.0.0. | ||||
| CVE-2024-54403 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Scott Visual Recent Posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through 1.2.3. | ||||
| CVE-2024-32126 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters Navigation menu as Dropdown Widget allows Stored XSS.This issue affects Navigation menu as Dropdown Widget: from n/a through 1.3.4. | ||||
| CVE-2024-30523 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add On: from n/a through 2.3.4. | ||||
| CVE-2024-9116 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Monkee-Boy Essentials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||