Filtered by vendor Wordpress
Subscriptions
Total
5584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49815 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. | ||||
| CVE-2025-23475 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2. | ||||
| CVE-2025-23954 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11. | ||||
| CVE-2024-37502 | 2 Wordpress, Wpweb | 2 Wordpress, Woocommerce Social Login | 2025-07-13 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3. | ||||
| CVE-2025-31611 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Post After Image Upload: from n/a through 1.6. | ||||
| CVE-2025-31782 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in pupunzi mb.YTPlayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects mb.YTPlayer: from n/a through 3.3.8. | ||||
| CVE-2025-23478 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Photo Video Store allows Reflected XSS. This issue affects Photo Video Store: from n/a through 21.07. | ||||
| CVE-2024-2580 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through 2.8.2. | ||||
| CVE-2024-37104 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Chic Lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through 1.1.3. | ||||
| CVE-2024-37962 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1. | ||||
| CVE-2025-24619 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WP Log Action allows Reflected XSS. This issue affects WP Log Action: from n/a through 0.51. | ||||
| CVE-2025-25120 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. | ||||
| CVE-2024-2499 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-6327 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them. | ||||
| CVE-2024-55974 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AMS Nexe Iberica Mimoos allows SQL Injection.This issue affects Mimoos: from n/a through 1.2. | ||||
| CVE-2024-12922 | 2 Themegoods, Wordpress | 2 Altair, Wordpress | 2025-07-13 | 9.8 Critical |
| The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-23662 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana WP Panoramio allows Stored XSS.This issue affects WP Panoramio: from n/a through 1.5.0. | ||||
| CVE-2024-56036 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ondrej Donek odPhotogallery allows Reflected XSS.This issue affects odPhotogallery: from n/a through 0.5.3. | ||||
| CVE-2023-40001 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13. | ||||
| CVE-2024-11133 | 2 Imithemes, Wordpress | 2 Eventer, Wordpress | 2025-07-13 | 5.3 Medium |
| The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets. | ||||