Filtered by vendor Wordpress
Subscriptions
Total
7258 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57993 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Pick Geolocation IP Detection allows Stored XSS. This issue affects Geolocation IP Detection: from n/a through 5.5.0. | ||||
| CVE-2025-57987 | 2 Thimpress, Wordpress | 2 Wp Events Manager, Wordpress | 2025-09-23 | 5.3 Medium |
| Missing Authorization vulnerability in ThimPress WP Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Events Manager: from n/a through 2.2.1. | ||||
| CVE-2025-57981 | 2 Catchsquare, Wordpress | 2 Wp Social Widget, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.3.1. | ||||
| CVE-2025-57962 | 2 E4jconnect, Wordpress | 2 Vikrestaurants Table Reservations And Take-away, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Stored XSS. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.4. | ||||
| CVE-2025-57992 | 2 Interserver, Wordpress | 2 Mail Baby Smtp, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in InterServer Mail Baby SMTP allows Cross Site Request Forgery. This issue affects Mail Baby SMTP: from n/a through 2.8. | ||||
| CVE-2025-57985 | 2 Mantrabrain, Wordpress | 2 Ultimate Watermark, Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in MantraBrain Ultimate Watermark allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Watermark: from n/a through 1.1. | ||||
| CVE-2025-57968 | 2 E4jconnect, Wordpress | 2 Vikrestaurants Table Reservations And Take-away, Wordpress | 2025-09-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Reflected XSS. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.4. | ||||
| CVE-2025-58025 | 2 Averta, Wordpress | 2 Master Slider, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through 3.11.0. | ||||
| CVE-2025-58003 | 2 Javothemes, Wordpress | 2 Javo Core, Wordpress | 2025-09-23 | 5.3 Medium |
| Missing Authorization vulnerability in javothemes Javo Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Javo Core: from n/a through 3.0.0.266. | ||||
| CVE-2025-57984 | 2 Makestories, Wordpress | 2 Makestories (for Google Web Stories), Wordpress | 2025-09-23 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Pratik Ghela MakeStories (for Google Web Stories) allows Server Side Request Forgery. This issue affects MakeStories (for Google Web Stories): from n/a through 3.0.4. | ||||
| CVE-2025-58224 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0. | ||||
| CVE-2025-57967 | 3 Woocommerce, Wordpress, Wpbean | 3 Woocommerce, Wordpress, Wpb Quick View | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Quick View for WooCommerce allows Stored XSS. This issue affects WPB Quick View for WooCommerce: from n/a through 2.1.8. | ||||
| CVE-2025-57964 | 2 Photonicgnostic, Wordpress | 2 Library Bookshelves, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in photonicgnostic Library Bookshelves allows Stored XSS. This issue affects Library Bookshelves: from n/a through 5.11. | ||||
| CVE-2025-58229 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 2.0. | ||||
| CVE-2025-58226 | 2 Iberezansky, Wordpress | 2 3d Flipbook, Wordpress | 2025-09-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Retrieve Embedded Sensitive Data. This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.16.16. | ||||
| CVE-2025-57966 | 2 Ghozylab, Wordpress | 2 Gallery Lightbox, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.41. | ||||
| CVE-2025-57963 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing allows DOM-Based XSS. This issue affects Zoho Billing: from n/a through 4.1. | ||||
| CVE-2025-57969 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hide WP Toolbar: from n/a through 2.7. | ||||
| CVE-2025-58027 | 2 Wordpress, Wpo-hr | 2 Wordpress, Ngg Smart Image Search | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpo-HR NGG Smart Image Search allows Stored XSS. This issue affects NGG Smart Image Search: from n/a through 3.4.3. | ||||
| CVE-2025-58026 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in termageddon Termageddon: Cookie Consent & Privacy Compliance allows Stored XSS. This issue affects Termageddon: Cookie Consent & Privacy Compliance: from n/a through 1.8.1. | ||||