Filtered by vendor Wordpress
Subscriptions
Total
5202 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23529 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5. | ||||
| CVE-2025-3520 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-23514 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Sanjaysolutions Loginplus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Loginplus: from n/a through 1.2. | ||||
| CVE-2025-31101 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact Form 7: from n/a through 1.0. | ||||
| CVE-2024-49278 | 2 Omnipressteam, Wordpress | 2 Omnipress, Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3. | ||||
| CVE-2025-23648 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wjharil AdsMiddle allows Reflected XSS. This issue affects AdsMiddle: from n/a through 1.0. | ||||
| CVE-2024-31114 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | ||||
| CVE-2025-31891 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gosign Gosign – Posts Slider Block allows Stored XSS. This issue affects Gosign – Posts Slider Block: from n/a through 1.1.0. | ||||
| CVE-2024-56045 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.3 Critical |
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5. | ||||
| CVE-2024-4135 | 2 Joomunited, Wordpress | 2 Wp Latest Posts, Wordpress | 2025-07-13 | 5.4 Medium |
| The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2023-49167 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Code4Life Database for CF7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/a through 1.2.4. | ||||
| CVE-2024-50516 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock allows Stored XSS.This issue affects Countdown & Clock: from n/a through 2.8.0.9. | ||||
| CVE-2025-39456 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in iTRON WP Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logger: from n/a through 2.2. | ||||
| CVE-2024-27988 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS.This issue affects WEN Responsive Columns: from n/a through 1.3.2. | ||||
| CVE-2025-26980 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wired Impact Wired Impact Volunteer Management allows Stored XSS. This issue affects Wired Impact Volunteer Management: from n/a through 2.5. | ||||
| CVE-2025-26565 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUPress allows Reflected XSS. This issue affects GNUPress: from n/a through 0.2.9. | ||||
| CVE-2024-56015 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up allows Reflected XSS.This issue affects Tidy Up: from n/a through 1.3. | ||||
| CVE-2024-12066 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2024-44011 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from n/a through 1.0.5. | ||||
| CVE-2025-48121 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget allows DOM-Based XSS. This issue affects WP Notes Widget: from n/a through 1.0.6. | ||||