Filtered by vendor Wordpress
Subscriptions
Total
5054 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23529 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 6.5 Medium |
| Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5. | ||||
| CVE-2025-23574 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM allows Reflected XSS. This issue affects CubePM: from n/a through 1.0. | ||||
| CVE-2025-23752 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CGD Arrange Terms allows Reflected XSS. This issue affects CGD Arrange Terms: from n/a through 1.1.3. | ||||
| CVE-2025-23754 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops allows Reflected XSS. This issue affects The Loops: from n/a through 1.0.2. | ||||
| CVE-2025-23522 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in humanmade limited, Joe Hoyle, Tom Wilmott, Matthew Haines-Young HM Portfolio allows Reflected XSS. This issue affects HM Portfolio: from n/a through 1.1.1. | ||||
| CVE-2025-23622 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CBX Accounting & Bookkeeping allows Reflected XSS. This issue affects CBX Accounting & Bookkeeping: from n/a through 1.3.14. | ||||
| CVE-2025-23711 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Quote me allows Reflected XSS. This issue affects Quote me: from n/a through 1.0. | ||||
| CVE-2025-23737 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Network-Favorites allows Reflected XSS. This issue affects Network-Favorites: from n/a through 1.1. | ||||
| CVE-2025-23837 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from n/a through 1.0. | ||||
| CVE-2025-23838 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bauernregeln allows Reflected XSS. This issue affects Bauernregeln: from n/a through 1.0.1. | ||||
| CVE-2025-23839 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Sticky Button allows Stored XSS. This issue affects Sticky Button: from n/a through 1.0. | ||||
| CVE-2025-23885 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5.2.3. | ||||
| CVE-2025-23849 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 5.4 Medium |
| Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18. | ||||
| CVE-2025-23756 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Chernyakov LawPress – Law Firm Website Management allows Reflected XSS. This issue affects LawPress – Law Firm Website Management: from n/a through 1.4.5. | ||||
| CVE-2024-10552 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 6.4 Medium |
| The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25. | ||||
| CVE-2024-12816 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 6.4 Medium |
| The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-11825 | 2 Broadstreetads, Wordpress | 2 Broadstreet, Wordpress | 2025-01-27 | 6.4 Medium |
| The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12817 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 6.4 Medium |
| The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23457 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clodeo Shipdeo allows Reflected XSS. This issue affects Shipdeo: from n/a through 1.2.8. | ||||
| CVE-2025-23792 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through 1.1.6. | ||||