Filtered by vendor Wordpress
Subscriptions
Total
5201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23475 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2. | ||||
| CVE-2025-23954 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11. | ||||
| CVE-2024-37502 | 2 Wordpress, Wpweb | 2 Wordpress, Woocommerce Social Login | 2025-07-13 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3. | ||||
| CVE-2025-31611 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Post After Image Upload: from n/a through 1.6. | ||||
| CVE-2025-31782 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in pupunzi mb.YTPlayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects mb.YTPlayer: from n/a through 3.3.8. | ||||
| CVE-2025-23478 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Photo Video Store allows Reflected XSS. This issue affects Photo Video Store: from n/a through 21.07. | ||||
| CVE-2024-2580 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through 2.8.2. | ||||
| CVE-2024-37104 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Chic Lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through 1.1.3. | ||||
| CVE-2024-37962 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1. | ||||
| CVE-2025-24619 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WP Log Action allows Reflected XSS. This issue affects WP Log Action: from n/a through 0.51. | ||||
| CVE-2024-2499 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-6327 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them. | ||||
| CVE-2024-55974 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AMS Nexe Iberica Mimoos allows SQL Injection.This issue affects Mimoos: from n/a through 1.2. | ||||
| CVE-2024-12922 | 2 Themegoods, Wordpress | 2 Altair, Wordpress | 2025-07-13 | 9.8 Critical |
| The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-23662 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana WP Panoramio allows Stored XSS.This issue affects WP Panoramio: from n/a through 1.5.0. | ||||
| CVE-2024-56036 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ondrej Donek odPhotogallery allows Reflected XSS.This issue affects odPhotogallery: from n/a through 0.5.3. | ||||
| CVE-2024-11928 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23827 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Strx Strx Magic Floating Sidebar Maker allows Stored XSS.This issue affects Strx Magic Floating Sidebar Maker: from n/a through 1.4.1. | ||||
| CVE-2024-53734 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through 1.2. | ||||
| CVE-2024-13557 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||