Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
5515 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46470 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Hashtags [#hashtagger]: from n/a through 7.2.3. | ||||
| CVE-2025-23741 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Notifications Center allows Reflected XSS. This issue affects Notifications Center: from n/a through 1.5.2. | ||||
| CVE-2025-39432 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist allows Stored XSS. This issue affects bbPress2 shortcode whitelist: from n/a through 2.2.1. | ||||
| CVE-2024-13657 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Store Locator Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'storelocatorwidget' shortcode in all versions up to, and including, 20200131 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12170 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-13010 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.1 Medium |
| The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12617 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data. | ||||
| CVE-2023-41690 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5. | ||||
| CVE-2024-13469 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-31856 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in brainvireinfo Export All Post Meta allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export All Post Meta: from n/a through 1.2.1. | ||||
| CVE-2024-49296 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coder426 Custom Add to Cart Button Label and Link allows Stored XSS.This issue affects Custom Add to Cart Button Label and Link: from n/a through 1.6.1. | ||||
| CVE-2025-25123 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2. | ||||
| CVE-2025-32150 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. This issue affects Real Estate Manager: from n/a through 7.3. | ||||
| CVE-2024-7963 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23784 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows SQL Injection. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1. | ||||
| CVE-2025-31023 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags allows Cross Site Request Forgery. This issue affects Seo Meta Tags: from n/a through 1.4. | ||||
| CVE-2024-11874 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23726 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ComparePress allows Reflected XSS. This issue affects ComparePress: from n/a through 2.0.8. | ||||
| CVE-2024-11806 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.1 Medium |
| The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-28943 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator - Missing ALT manager allows Stored XSS. This issue affects DP ALTerminator - Missing ALT manager: from n/a through 1.0.2. | ||||