Filtered by vendor Wordpress
Subscriptions
Total
7258 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59572 | 2 Purethemes, Wordpress | 2 Workscout Core, Wordpress | 2025-09-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core allows Cross Site Request Forgery. This issue affects WorkScout-Core: from n/a through n/a. | ||||
| CVE-2025-59561 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in hashthemes Smart Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through 2.4. | ||||
| CVE-2025-57947 | 2 Ays-pro, Wordpress | 2 Photo Gallery, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Photo Gallery by Ays allows DOM-Based XSS. This issue affects Photo Gallery by Ays: from n/a through 6.3.6. | ||||
| CVE-2025-57921 | 2 Najeebmedia, Wordpress | 2 Frontend File Manager, Wordpress | 2025-09-23 | 5.3 Medium |
| Missing Authorization vulnerability in N-Media Frontend File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through 23.2. | ||||
| CVE-2025-59588 | 2 Pencidesign, Wordpress | 2 Soledad, Wordpress | 2025-09-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad allows PHP Local File Inclusion. This issue affects Soledad: from n/a through 8.6.8. | ||||
| CVE-2025-53467 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Login-Logout allows Stored XSS. This issue affects Login-Logout: from n/a through 3.8. | ||||
| CVE-2025-53456 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0. | ||||
| CVE-2025-59573 | 2 Cozythemes, Wordpress | 2 Cozy Blocks, Wordpress | 2025-09-23 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CozyThemes Cozy Blocks allows Code Injection. This issue affects Cozy Blocks: from n/a through 2.1.29. | ||||
| CVE-2025-57945 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cedcommerce WP Advanced PDF allows Stored XSS. This issue affects WP Advanced PDF: from n/a through 1.1.7. | ||||
| CVE-2025-57911 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Adverts allows DOM-Based XSS. This issue affects Adverts: from n/a through 1.4. | ||||
| CVE-2025-57918 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude allows Stored XSS. This issue affects LinkedInclude: from n/a through 3.0.4. | ||||
| CVE-2025-57908 | 3 Prowcplugins, Woocommerce, Wordpress | 3 Product Time Countdown, Woocommerce, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.4. | ||||
| CVE-2025-53570 | 2 Delucks, Wordpress | 2 Delucks Seo, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO allows Stored XSS. This issue affects DELUCKS SEO: from n/a through 2.7.0. | ||||
| CVE-2025-57907 | 2 Heureka, Wordpress | 2 Heureka, Wordpress | 2025-09-23 | 5.3 Medium |
| Missing Authorization vulnerability in Heureka Group Heureka allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Heureka: from n/a through 1.1.0. | ||||
| CVE-2025-57939 | 3 Blocksera, Elementor, Wordpress | 3 Image Hover Effects, Elementor, Wordpress | 2025-09-23 | 5.3 Medium |
| Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4.4. | ||||
| CVE-2025-57914 | 3 Matat Technologies, Woocommerce, Wordpress | 3 Deliver Via Shipos, Woocommerce, Wordpress | 2025-09-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Cross Site Request Forgery. This issue affects Deliver via Shipos for WooCommerce: from n/a through 3.0.2. | ||||
| CVE-2025-53469 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Stored XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.2. | ||||
| CVE-2025-53466 | 2 Codesolz, Wordpress | 2 Better Find And Replace, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Better Find and Replace allows Stored XSS. This issue affects Better Find and Replace: from n/a through 1.7.6. | ||||
| CVE-2025-57922 | 3 Coordinadora Mercantil, Woocommerce, Wordpress | 3 Envios Coordinadora, Woocommerce, Wordpress | 2025-09-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Envíos Coordinadora Woocommerce: from n/a through 1.1.31. | ||||
| CVE-2025-53465 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector allows Object Injection. This issue affects GSheets Connector: from n/a through 1.1.1. | ||||