Filtered by vendor Wordpress
Subscriptions
Total
5198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31822 | 2 Ashish Ajani, Wordpress | 2 Wp Simple Html Sitemap, Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2. | ||||
| CVE-2025-31860 | 2 Wordpress, Wpeka | 2 Wordpress, Wp Adcenter | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.5.9. | ||||
| CVE-2025-31867 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2025-07-12 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2025-31877 | 2 Magnigenie, Wordpress | 2 Restropress, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4. | ||||
| CVE-2025-31892 | 2 Themeum, Wordpress | 2 Wp Crowdfunding, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.13. | ||||
| CVE-2025-31895 | 2 Paulrosen, Wordpress | 2 Abc Notation, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paulrosen ABC Notation allows Stored XSS. This issue affects ABC Notation: from n/a through 6.1.3. | ||||
| CVE-2025-3813 | 3 Royal-elementor-addons, Wordpress, Wproyal | 3 Royal Elementor Addons, Wordpress, Royal Elementor Addons And Templates | 2025-07-11 | 6.4 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-5123 | 2 A3rev, Wordpress | 2 Contact Us Page - Contact People, Contact Us Page - Contact People | 2025-07-10 | 6.4 Medium |
| The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-1562 | 2 Funnelkit, Wordpress | 2 Funnelkit Automations, Wordpress | 2025-07-09 | 9.8 Critical |
| The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site. | ||||
| CVE-2025-3702 | 2 Melapress, Wordpress | 2 Melapress File Monitor, Wordpress | 2025-07-09 | 5.4 Medium |
| Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a before 2.2.0. | ||||
| CVE-2025-53258 | 2 Wordpress, Wow-company | 2 Wordpress, Hover Effects | 2025-07-08 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection.This issue affects Hover Effects: from n/a through 2.1.2. | ||||
| CVE-2025-5338 | 3 Royal-elementor-addons, Wordpress, Wproyal | 3 Royal Elementor Addons, Wordpress, Royal Elementor Addons And Templates | 2025-07-08 | 6.4 Medium |
| The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-5932 | 2 Coolrunner, Wordpress | 3 Homerunner, Homerunner Plugin, Wordpress | 2025-07-07 | 4.3 Medium |
| The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-6252 | 2 Qodeinteractive, Wordpress | 2 Qi Addons For Elementor, Wordpress | 2025-07-07 | 6.4 Medium |
| The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-53202 | 2 Cyberchimps, Wordpress | 2 Responsive Blocks, Wordpress | 2025-07-06 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows DOM-Based XSS. This issue affects Responsive Blocks: from n/a through 2.0.6. | ||||
| CVE-2025-53311 | 2 Amol Nirmala Waman, Wordpress | 2 Navayan Subscribe Plugin, Wordpress | 2025-07-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe allows Stored XSS. This issue affects Navayan Subscribe: from n/a through 1.13. | ||||
| CVE-2025-52774 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2025-07-06 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.12.7. | ||||
| CVE-2025-53259 | 2 Nicdark, Wordpress | 2 Hotel Booking, Wordpress | 2025-07-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.7. | ||||
| CVE-2025-53315 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2025-07-06 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1. | ||||
| CVE-2025-52834 | 2 Favethemes, Wordpress | 2 Homey, Wordpress | 2025-07-06 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5. | ||||