Filtered by vendor Wordpress
Subscriptions
Total
5301 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-47337 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite.This issue affects Joy Of Text Lite: from n/a through 2.3.1. | ||||
CVE-2024-9454 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
The PriPre plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
CVE-2025-39426 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in illow illow – Cookies Consent allows Cross Site Request Forgery. This issue affects illow – Cookies Consent: from n/a through 0.2.0. | ||||
CVE-2024-34421 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsurface BlogLentor allows Stored XSS.This issue affects BlogLentor: from n/a through 1.0.8. | ||||
CVE-2024-10179 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2024-11751 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-31621 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpaulsson byBrick Accordion allows Stored XSS. This issue affects byBrick Accordion: from n/a through 1.0. | ||||
CVE-2024-11008 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
CVE-2025-28905 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid allows Stored XSS. This issue affects Featured Posts Grid: from n/a through 1.7. | ||||
CVE-2024-38765 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Freelancelot Oceanic allows Cross Site Request Forgery.This issue affects Oceanic: from n/a through 1.0.48. | ||||
CVE-2025-32604 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Aslani AWSA Shipping allows Reflected XSS. This issue affects AWSA Shipping: from n/a through 1.3.0. | ||||
CVE-2025-30606 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Logan Carlile Easy Page Transition allows Stored XSS. This issue affects Easy Page Transition: from n/a through 1.0.1. | ||||
CVE-2024-37923 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Cliengo – Chatbot.This issue affects Cliengo – Chatbot: from n/a through 3.0.1. | ||||
CVE-2025-23445 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Scott Swezey Easy Tynt allows Cross Site Request Forgery.This issue affects Easy Tynt: from n/a through 0.2.5.1. | ||||
CVE-2025-22342 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Simple Sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through 0.2. | ||||
CVE-2024-34571 | 2 Themegrill, Wordpress | 2 Himalayas, Wordpress | 2025-07-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0. | ||||
CVE-2025-24687 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lars Wallenborn Show/Hide Shortcode allows Stored XSS. This issue affects Show/Hide Shortcode: from n/a through 1.0.0. | ||||
CVE-2024-56013 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Wovax, LLC. Wovax IDX allows Authentication Bypass.This issue affects Wovax IDX: from n/a through 1.2.2. | ||||
CVE-2024-52417 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes ReConstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through 1.4.7. | ||||
CVE-2025-23889 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FooGallery Captions allows Reflected XSS. This issue affects FooGallery Captions: from n/a through 1.0.2. |