Filtered by vendor Wordpress
Total: 7258 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48281 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through 3.21.1. | ||||
| CVE-2025-23752 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CGD Arrange Terms allows Reflected XSS. This issue affects CGD Arrange Terms: from n/a through 1.1.3. | ||||
| CVE-2024-32550 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1. | ||||
| CVE-2024-31121 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions. | ||||
| CVE-2024-6810 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.4 Medium |
| The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-30582 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM allows PHP Local File Inclusion. This issue affects DyaPress ERP/CRM: from n/a through 18.0.2.0. | ||||
| CVE-2024-53724 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceStats allows Stored XSS. This issue affects IceStats: from n/a through 1.3. | ||||
| CVE-2024-56239 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Audio Dock allows Stored XSS. This issue affects Themify Audio Dock: from n/a through 2.0.4. | ||||
| CVE-2025-25108 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shalomworld SW Plus allows Reflected XSS. This issue affects SW Plus: from n/a through 2.1. | ||||
| CVE-2024-54276 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felix Moira Poll Builder allows Stored XSS. This issue affects Poll Builder: from n/a through 1.3.5. | ||||
| CVE-2025-2303 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. This is due to the unsafe evaluation of user-controlled input. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. | ||||
| CVE-2024-31371 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator. This issue affects WP Event Aggregator: from n/a through 1.7.6. | ||||
| CVE-2024-2294 | 2 Softaculous, Wordpress | 2 Backuply, Wordpress | 2025-07-13 | 4.9 Medium |
| The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers who have an account with only the activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers. | ||||
| CVE-2024-50533 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain Sharding allows Stored XSS. This issue affects Domain Sharding: from n/a through 1.2.1. | ||||
| CVE-2024-56231 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing allows DOM-Based XSS. This issue affects SaasPricing: from n/a through 1.1.4. | ||||
| CVE-2024-51658 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager allows Stored XSS. This issue affects WP Course Manager: from n/a through 1.3. | ||||
| CVE-2024-12432 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Shop As A Customer For Woocommerce | 2025-07-13 | 8.1 High |
| The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in. | ||||
| CVE-2025-23988 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS. This issue affects Ghostwriter: from n/a through 1.4. | ||||
| CVE-2024-5881 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbc_image shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23818 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS. This issue affects More Link Modifier: from n/a through 1.0.3. | ||||