Filtered by vendor Wordpress
Subscriptions
Total
5054 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24612 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6. | ||||
| CVE-2025-24754 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 4.3 Medium |
| Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0. | ||||
| CVE-2025-22513 | 1 Wordpress | 1 Wordpress | 2025-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Locator allows Reflected XSS. This issue affects Simple Locator: from n/a through 2.0.4. | ||||
| CVE-2025-24561 | 1 Wordpress | 1 Wordpress | 2025-01-24 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2. | ||||
| CVE-2025-24547 | 1 Wordpress | 1 Wordpress | 2025-01-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthias Wagner - FALKEmedia Caching Compatible Cookie Opt-In and JavaScript allows Stored XSS. This issue affects Caching Compatible Cookie Opt-In and JavaScript: from n/a through 0.0.10. | ||||
| CVE-2025-24588 | 2 Patreon, Wordpress | 2 Patreon Wordpress, Wordpress | 2025-01-24 | 6.5 Medium |
| Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1. | ||||
| CVE-2025-24572 | 1 Wordpress | 1 Wordpress | 2025-01-24 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search allows Cross Site Request Forgery. This issue affects WP Fast Total Search: from n/a through 1.78.258. | ||||
| CVE-2025-24638 | 1 Wordpress | 1 Wordpress | 2025-01-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4. | ||||
| CVE-2025-24672 | 2 Codepeople, Wordpress | 2 Form Builder Cp, Wordpress | 2025-01-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41. | ||||
| CVE-2025-24702 | 1 Wordpress | 1 Wordpress | 2025-01-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xagio Xagio SEO allows Stored XSS. This issue affects Xagio SEO: from n/a through 7.0.0.20. | ||||
| CVE-2025-24687 | 1 Wordpress | 1 Wordpress | 2025-01-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lars Wallenborn Show/Hide Shortcode allows Stored XSS. This issue affects Show/Hide Shortcode: from n/a through 1.0.0. | ||||
| CVE-2025-24682 | 1 Wordpress | 1 Wordpress | 2025-01-24 | 4.3 Medium |
| Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9. | ||||
| CVE-2025-24720 | 2 Wordpress, Wow-company | 2 Wordpress, Sticky Buttons | 2025-01-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1. | ||||
| CVE-2025-24706 | 2 Multivendorx, Wordpress | 2 Wc Marketplace, Wordpress | 2025-01-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Stored XSS. This issue affects WC Marketplace: from n/a through 4.2.13. | ||||
| CVE-2025-24716 | 2 Wordpress, Wow-company | 2 Wordpress, Herd Effects | 2025-01-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1. | ||||
| CVE-2025-24724 | 2 Wordpress, Wow-company | 2 Wordpress, Side Menu Lite | 2025-01-24 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through 5.3.1. | ||||
| CVE-2025-23914 | 1 Wordpress | 1 Wordpress | 2025-01-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1. | ||||
| CVE-2025-23932 | 1 Wordpress | 1 Wordpress | 2025-01-22 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00. | ||||
| CVE-2024-49688 | 1 Wordpress | 1 Wordpress | 2025-01-21 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | ||||
| CVE-2024-49699 | 1 Wordpress | 1 Wordpress | 2025-01-21 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | ||||