Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
5515 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24643 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. | ||||
| CVE-2025-23537 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through 1.0.3. | ||||
| CVE-2025-47551 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through 1.4.6. | ||||
| CVE-2025-3065 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.1 Critical |
| The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-47447 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through 3.0.0. | ||||
| CVE-2025-25157 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Church Center allows Reflected XSS. This issue affects WP Church Center: from n/a through 1.3.3. | ||||
| CVE-2025-3615 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12459 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-11784 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23660 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS.This issue affects MFPlugin: from n/a through 1.3. | ||||
| CVE-2023-33215 | 2 Taggbox, Wordpress | 2 Taggbox, Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Tagbox Taggbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through 3.3. | ||||
| CVE-2025-26748 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0. | ||||
| CVE-2024-54372 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. | ||||
| CVE-2023-49156 | 2 Godaddy, Wordpress | 2 Godaddy Email Marketing, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDaddy Email Marketing: from n/a through 1.4.3. | ||||
| CVE-2025-31800 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio allows Path Traversal. This issue affects Publitio: from n/a through 2.1.8. | ||||
| CVE-2024-37236 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through 2.6.9. | ||||
| CVE-2024-33915 | 2 Bowo, Wordpress | 2 Debug Log Manager, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. | ||||
| CVE-2025-27292 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPyog WPYog Documents allows Reflected XSS. This issue affects WPYog Documents: from n/a through 1.3.3. | ||||
| CVE-2024-27197 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS.This issue affects BeePress: from n/a through 6.9.8. | ||||
| CVE-2024-56025 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdWorkMedia.com AdWork Media EZ Content Locker allows Reflected XSS.This issue affects AdWork Media EZ Content Locker: from n/a through 3.0. | ||||