Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 5133 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-47507	1 Wordpress	1 Wordpress	2025-05-08	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search allows DOM-Based XSS. This issue affects Better Search: from n/a through 4.1.0.
CVE-2025-47509	1 Wordpress	1 Wordpress	2025-05-08	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Top 10 allows Stored XSS. This issue affects Top 10: from n/a through 4.1.0.
CVE-2025-47494	1 Wordpress	1 Wordpress	2025-05-08	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.4.1.
CVE-2025-47469	1 Wordpress	1 Wordpress	2025-05-08	5.4 Medium
Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.0.
CVE-2025-47528	1 Wordpress	1 Wordpress	2025-05-08	4.3 Medium
Missing Authorization vulnerability in pewilliams Ovation Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ovation Elements: from n/a through 1.1.2.
CVE-2025-47522	1 Wordpress	1 Wordpress	2025-05-08	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWEOS GmbH AWEOS WP Lock allows Stored XSS. This issue affects AWEOS WP Lock: from n/a through 1.4.8.
CVE-2025-47523	1 Wordpress	1 Wordpress	2025-05-08	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster allows Cross Site Request Forgery. This issue affects Seznam Webmaster: from n/a through 1.4.7.
CVE-2025-47524	1 Wordpress	1 Wordpress	2025-05-08	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karim42 Quran multilanguage Text & Audio allows Stored XSS. This issue affects Quran multilanguage Text & Audio: from n/a through 2.3.23.
CVE-2025-47515	1 Wordpress	1 Wordpress	2025-05-08	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seb WP DPE-GES allows DOM-Based XSS. This issue affects WP DPE-GES: from n/a through 1.6.
CVE-2025-47457	1 Wordpress	1 Wordpress	2025-05-08	5.3 Medium
Missing Authorization vulnerability in dgamoni LocateAndFilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through 1.6.16.
CVE-2025-47470	1 Wordpress	1 Wordpress	2025-05-08	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in senols GPT3 AI Content Writer allows Cross Site Request Forgery. This issue affects GPT3 AI Content Writer: from n/a through 1.9.14.
CVE-2025-47447	1 Wordpress	1 Wordpress	2025-05-08	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through 3.0.0.
CVE-2025-47462	1 Wordpress	1 Wordpress	2025-05-08	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challan allows Privilege Escalation. This issue affects Challan: from n/a through 3.7.58.
CVE-2025-47440	1 Wordpress	1 Wordpress	2025-05-08	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts allows PHP Local File Inclusion. This issue affects WPAdverts: from n/a through 2.2.2.
CVE-2025-47617	1 Wordpress	1 Wordpress	2025-05-08	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Stored XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3.
CVE-2025-47665	1 Wordpress	1 Wordpress	2025-05-08	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bistromatic N360 \| Splash Screen allows Stored XSS. This issue affects N360 \| Splash Screen: from n/a through 1.0.6.
CVE-2025-47597	1 Wordpress	1 Wordpress	2025-05-08	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Maulik Vora WP Podcasts Manager allows Cross Site Request Forgery. This issue affects WP Podcasts Manager: from n/a through 1.2.
CVE-2025-47639	1 Wordpress	1 Wordpress	2025-05-08	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading allows Stored XSS. This issue affects Supertext Translation and Proofreading: from n/a through 4.25.
CVE-2025-47683	1 Wordpress	1 Wordpress	2025-05-08	7.2 High
Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7.
CVE-2025-47595	1 Wordpress	1 Wordpress	2025-05-08	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darshan Saroya Color Your Bar allows Stored XSS. This issue affects Color Your Bar: from n/a through 2.0.

« first previous Page 200 of 257. next last »