Filtered by vendor Wordpress
Subscriptions
Total
7250 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31081 | 2 Shortpixel, Wordpress | 2 Enable Media Replace, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Reflected XSS. This issue affects Enable Media Replace: from n/a through 4.1.5. | ||||
| CVE-2025-31083 | 2 Wordpress, Zeen101 | 2 Wordpress, Leaky Paywall | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall allows Stored XSS. This issue affects Leaky Paywall: from n/a through 4.21.7. | ||||
| CVE-2025-31088 | 2 Cozmoslabs, Wordpress | 2 Paid Member Subscriptions, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions allows Stored XSS. This issue affects Paid Member Subscriptions: from n/a through 2.14.3. | ||||
| CVE-2025-31387 | 2 Instawp, Wordpress | 2 Instawp Connect, Wordpress | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82. | ||||
| CVE-2025-31417 | 2 Fahad Mahmood, Wordpress | 2 Wp Docs, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a. | ||||
| CVE-2025-31552 | 2 Davidfcarr, Wordpress | 2 Rsvpmarker, Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker : from n/a through 11.4.8. | ||||
| CVE-2025-31613 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel allows Cross Site Request Forgery. This issue affects AB Google Map Travel : from n/a through 4.6. | ||||
| CVE-2025-31619 | 2 Marcoingraiti, Wordpress | 2 Actionwear Products Sync, Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3. | ||||
| CVE-2025-31822 | 2 Ashish Ajani, Wordpress | 2 Wp Simple Html Sitemap, Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2. | ||||
| CVE-2025-31860 | 2 Wordpress, Wpeka | 2 Wordpress, Wp Adcenter | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.5.9. | ||||
| CVE-2025-31867 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2025-07-12 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2025-31877 | 2 Magnigenie, Wordpress | 2 Restropress, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4. | ||||
| CVE-2025-31892 | 2 Themeum, Wordpress | 2 Wp Crowdfunding, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.13. | ||||
| CVE-2025-31895 | 2 Paulrosen, Wordpress | 2 Abc Notation, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paulrosen ABC Notation allows Stored XSS. This issue affects ABC Notation: from n/a through 6.1.3. | ||||
| CVE-2025-3813 | 3 Royal-elementor-addons, Wordpress, Wproyal | 3 Royal Elementor Addons, Wordpress, Royal Elementor Addons And Templates | 2025-07-11 | 6.4 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-5123 | 2 A3rev, Wordpress | 2 Contact Us Page - Contact People, Contact Us Page - Contact People | 2025-07-10 | 6.4 Medium |
| The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-1562 | 2 Funnelkit, Wordpress | 2 Funnelkit Automations, Wordpress | 2025-07-09 | 9.8 Critical |
| The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site. | ||||
| CVE-2025-3702 | 2 Melapress, Wordpress | 2 Melapress File Monitor, Wordpress | 2025-07-09 | 5.4 Medium |
| Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a before 2.2.0. | ||||
| CVE-2025-53258 | 2 Wordpress, Wow-company | 2 Wordpress, Hover Effects | 2025-07-08 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection.This issue affects Hover Effects: from n/a through 2.1.2. | ||||
| CVE-2025-5338 | 3 Royal-elementor-addons, Wordpress, Wproyal | 3 Royal Elementor Addons, Wordpress, Royal Elementor Addons And Templates | 2025-07-08 | 6.4 Medium |
| The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||