Filtered by vendor Wordpress
Subscriptions
Total
5153 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23479 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound melascrivi allows Reflected XSS. This issue affects melascrivi: from n/a through 1.4. | ||||
| CVE-2025-32671 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John Weissberg Print Science Designer allows Path Traversal. This issue affects Print Science Designer: from n/a through 1.3.155. | ||||
| CVE-2024-5970 | 2 Maxfoundry, Wordpress | 2 Maxgalleria, Wordpress | 2025-07-13 | 6.4 Medium |
| The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2295 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [xyz-cfm-form] shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-46515 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Category Widget allows Reflected XSS. This issue affects Category Widget: from n/a through 2.0.2. | ||||
| CVE-2025-31864 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Out the Box Beam me up Scotty – Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty – Back to Top Button: from n/a through 1.0.23. | ||||
| CVE-2024-49298 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice allows Stored XSS.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.6. | ||||
| CVE-2025-31630 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1. | ||||
| CVE-2025-23882 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Download Codes allows Reflected XSS. This issue affects WP Download Codes: from n/a through 2.5.4. | ||||
| CVE-2024-51689 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tobias Conrad CF7 WOW Styler allows Reflected XSS.This issue affects CF7 WOW Styler: from n/a through 1.6.8. | ||||
| CVE-2025-31730 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons allows Stored XSS. This issue affects Marketer Addons: from n/a through 1.0.1. | ||||
| CVE-2024-54237 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0. | ||||
| CVE-2024-51875 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmul Ahsan MDC YouTube Downloader allows DOM-Based XSS.This issue affects MDC YouTube Downloader: from n/a through 3.0.0. | ||||
| CVE-2024-33935 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.This issue affects PB MailCrypt: from n/a through 3.1.0. | ||||
| CVE-2025-23665 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort RSV GMaps allows Stored XSS.This issue affects RSV GMaps: from n/a through 1.5. | ||||
| CVE-2025-23430 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through 1.5. | ||||
| CVE-2024-54331 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3. | ||||
| CVE-2025-26746 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Advanced Custom Fields: Link Picker Field allows Reflected XSS. This issue affects Advanced Custom Fields: Link Picker Field: from n/a through 1.2.8. | ||||
| CVE-2024-52455 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoQSystem Inc. GoQSmile allows Reflected XSS.This issue affects GoQSmile: from n/a through 1.0.1. | ||||
| CVE-2024-56011 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov | IMBAA GmbH Responsive Google Maps | by imbaa allows Stored XSS.This issue affects Responsive Google Maps | by imbaa: from n/a through 1.2.5. | ||||