Filtered by vendor Wordpress
Subscriptions
Total
7250 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30584 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter allows Stored XSS. This issue affects AlphaOmega Captcha & Anti-Spam Filter: from n/a through 3.3. | ||||
| CVE-2025-30592 | 2 Westerndeal, Wordpress | 2 Advanced Dewplayer, Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in westerndeal Advanced Dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Dewplayer: from n/a through 1.6. | ||||
| CVE-2025-30773 | 2 Cozmoslabs, Wordpress | 2 Translatepress, Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress allows Object Injection. This issue affects TranslatePress: from n/a through 2.9.6. | ||||
| CVE-2025-30813 | 2 Listamester, Wordpress | 2 Listamester, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.5. | ||||
| CVE-2025-30828 | 2 Arraytics, Wordpress | 2 Timetics, Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29. | ||||
| CVE-2025-30829 | 2 Themewinter, Wordpress | 2 Wpcafe, Wordpress | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.31. | ||||
| CVE-2025-30836 | 2 Latepoint, Wordpress | 2 Latepoint, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint allows Stored XSS. This issue affects LatePoint: from n/a through 5.1.6. | ||||
| CVE-2025-30838 | 2 Cozythemes, Wordpress | 2 Cozy Blocks, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.1.6. | ||||
| CVE-2025-30845 | 2 Webangon, Wordpress | 2 The Pack Elementor Addons, Wordpress | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webangon The Pack Elementor addons allows PHP Local File Inclusion. This issue affects The Pack Elementor addons: from n/a through 2.1.1. | ||||
| CVE-2025-30881 | 2 Themehunk, Wordpress | 2 Big Store, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8. | ||||
| CVE-2025-30882 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2025-07-12 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.1. | ||||
| CVE-2025-30901 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2025-07-12 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2. | ||||
| CVE-2025-30904 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify allows Stored XSS. This issue affects Chartify: from n/a through 3.1.7. | ||||
| CVE-2025-30905 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.4.3. | ||||
| CVE-2025-30909 | 2 Conversios, Wordpress | 2 Conversios.io, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3. | ||||
| CVE-2025-30911 | 2 Rometheme, Wordpress | 2 Romethemekit For Elementor, Wordpress | 2025-07-12 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4. | ||||
| CVE-2025-30925 | 2 Webangon, Wordpress | 2 The Pack Elementor Addons, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.1. | ||||
| CVE-2025-31002 | 2 Bogdan Bendziukov, Wordpress | 2 Squeeze, Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6. | ||||
| CVE-2025-31020 | 2 Webliberty, Wordpress | 2 Simple Spoiler, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS. This issue affects Simple Spoiler: from n/a through 1.4. | ||||
| CVE-2025-31075 | 2 Videowhisper, Wordpress | 2 Micropayments, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments allows Stored XSS. This issue affects MicroPayments: from n/a through 2.9.29. | ||||