Filtered by vendor Wordpress
Total: 5584 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29097 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.3 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins User profile allows Stored XSS. This issue affects User profile: from n/a through 2.0.20. | ||||
CVE-2024-56270 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
Missing Authorization vulnerability in SecureSubmit WP SecureSubmit. This issue affects WP SecureSubmit: from n/a through 1.5.16. | ||||
CVE-2024-53768 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in IDE Interactive Content Audit Exporter allows Retrieve Embedded Sensitive Data. This issue affects Content Audit Exporter: from n/a through 1.1. | ||||
CVE-2025-31874 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay WebberZone Snippetz allows Stored XSS. This issue affects WebberZone Snippetz: from n/a through 2.1.0. | ||||
CVE-2023-32129 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag. This issue affects Editorialmag: from n/a through 1.1.9. | ||||
CVE-2024-1946 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-24640 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover allows Reflected XSS. This issue affects Empty Tags Remover: from n/a through 1.0. | ||||
CVE-2025-27339 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength allows Cross Site Request Forgery. This issue affects Minimum Password Strength: from n/a through 1.2.0. | ||||
CVE-2025-31014 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5. | ||||
CVE-2024-4144 | 2 Wordpress, Wpkube | 2 Wordpress, Simple Basic Contact Form | 2025-07-12 | 6.5 Medium |
The Simple Basic Contact Form plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depend on the functionality of other plugins installed in the environment. | ||||
CVE-2024-50468 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Robinson Raptor Editor allows DOM-Based XSS. This issue affects Raptor Editor: from n/a through 1.0.20. | ||||
CVE-2024-3495 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the 'cnt' and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2025-26923 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows Stored XSS. This issue affects Event post: from n/a through 5.9.8. | ||||
CVE-2024-52415 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection. This issue affects SK WP Settings Backup: from n/a through 1.0. | ||||
CVE-2024-33549 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2025-07-12 | 8.8 High |
Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation. This issue affects WZone: from n/a through 14.0.10. | ||||
CVE-2025-23527 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0. | ||||
CVE-2025-22560 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Saoshyant Page Builder: from n/a through 3.8. | ||||
CVE-2024-12621 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-23902 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification allows Cross Site Request Forgery. This issue affects Error Notification: from n/a through 0.2.7. | ||||
CVE-2025-26589 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound IE CSS3 Support allows Reflected XSS. This issue affects IE CSS3 Support: from n/a through 2.0.1. |