Filtered by vendor Wordpress
Subscriptions
Total
5202 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-13557 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
CVE-2025-47458 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools allows Reflected XSS. This issue affects B2i Investor Tools: from n/a through 1.0.7.9. | ||||
CVE-2024-47356 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.1 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1. | ||||
CVE-2025-24561 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2. | ||||
CVE-2024-55985 | 2 Wordpress, Ydesignservices | 2 Wordpress, Yds Support Ticket System | 2025-07-13 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through 1.0. | ||||
CVE-2024-54401 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1. | ||||
CVE-2025-30619 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe allows Cross Site Request Forgery. This issue affects SpeakPipe: from n/a through 0.2. | ||||
CVE-2025-23764 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6. | ||||
CVE-2025-30887 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.2.9. | ||||
CVE-2025-22532 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nagy Sandor Simple Photo Sphere allows Stored XSS.This issue affects Simple Photo Sphere: from n/a through 0.0.10. | ||||
CVE-2025-22502 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.6 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through 1.1. | ||||
CVE-2024-51912 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lilaea Media IntelliWidget Elements allows DOM-Based XSS.This issue affects IntelliWidget Elements: from n/a through 2.2.7. | ||||
CVE-2024-35646 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smartarget Smartarget Message Bar allows Stored XSS.This issue affects Smartarget Message Bar: from n/a through 1.3. | ||||
CVE-2024-56066 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through 1.0.23. | ||||
CVE-2024-51617 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rami Yushuvaev Clyp allows Stored XSS.This issue affects Clyp: from n/a through 1.3. | ||||
CVE-2024-56014 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markyis Cool Olivia allows Reflected XSS.This issue affects Olivia: from n/a through 0.9.5. | ||||
CVE-2024-10527 | 2 Clevelandwebdeveloper, Wordpress | 2 Spacer, Wordpress | 2025-07-13 | 3.1 Low |
The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information. | ||||
CVE-2023-47648 | 2 Spider-themes, Wordpress | 2 Eazydocs, Wordpress | 2025-07-13 | 7.5 High |
Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.3.5. | ||||
CVE-2024-11763 | 2 Plezi, Wordpress | 2 Plezi, Wordpress | 2025-07-13 | 6.4 Medium |
The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-32831 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lorna Timbah (webgrrrl) Accessibility Widget allows Stored XSS.This issue affects Accessibility Widget: from n/a through 2.2. |