Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11830 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48322 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Finn Dohrn Statify Widget statify-widget allows Stored XSS.This issue affects Statify Widget: from n/a through <= 1.4.6. | ||||
| CVE-2025-30607 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Name.ly Quick Localization quick-localization allows Reflected XSS.This issue affects Quick Localization: from n/a through <= 0.1.0. | ||||
| CVE-2025-13311 | 2 Sigalitam, Wordpress | 2 Just Highlight, Wordpress | 2026-04-15 | 4.4 Medium |
| The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the plugin's settings page. | ||||
| CVE-2025-48320 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 baidushare-wp allows Stored XSS.This issue affects 百度分享按钮: from n/a through <= 1.0.6. | ||||
| CVE-2025-3749 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48319 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gslauraspeck Mesa Mesa Reservation Widget mesa-mesa-reservation-widget allows Stored XSS.This issue affects Mesa Mesa Reservation Widget: from n/a through <= 1.0.0. | ||||
| CVE-2025-62019 | 2 Wordpress, Wpzoom | 2 Wordpress, Recipe Card Blocks For Gutenberg & Elementor | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8. | ||||
| CVE-2025-31450 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phantom.omaga Toggle Box toggle-box allows Stored XSS.This issue affects Toggle Box: from n/a through <= 1.6. | ||||
| CVE-2025-62016 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-04-15 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0. | ||||
| CVE-2025-30597 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iografica IG Shortcodes ig-shortcodes allows DOM-Based XSS.This issue affects IG Shortcodes: from n/a through <= 3.1. | ||||
| CVE-2025-53352 | 2 G5theme, Wordpress | 2 Grid-plus, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Grid Plus grid-plus allows Reflected XSS.This issue affects Grid Plus: from n/a through <= 3.3. | ||||
| CVE-2025-30817 | 2 Wordpress, Wpzita | 2 Wordpress, Z Companion | 2026-04-15 | N/A |
| Missing Authorization vulnerability in wpzita Z Companion z-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Z Companion: from n/a through <= 1.0.13. | ||||
| CVE-2025-23573 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in sammyb WP Background Tile wp-background-tile allows Stored XSS.This issue affects WP Background Tile: from n/a through <= 1.0. | ||||
| CVE-2025-67956 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration | 2026-04-15 | 8.2 High |
| Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6. | ||||
| CVE-2025-13309 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Accessiy By CodeConfig Accessibility – Easy One-Click Accessibility Toolbar That Truly Matters plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers with subscriber-level access and above to modify the plugin’s global accessibility settings. | ||||
| CVE-2025-48318 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 duoshuo allows Cross Site Request Forgery.This issue affects 多说社会化评论框: from n/a through <= 1.2. | ||||
| CVE-2025-12823 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csv' shortcode in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-62015 | 3 Josh Kohlbach, Woocommerce, Wordpress | 4 Advanced Coupons For Woocommerce Coupons, Woocommerce, Woocommerce Smart Coupons and 1 more | 2026-04-15 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8. | ||||
| CVE-2025-30594 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in samsk Include URL include-url allows Path Traversal.This issue affects Include URL: from n/a through <= 0.3.5. | ||||
| CVE-2025-48314 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salubrio Add Code To Head add-code-to-head allows Stored XSS.This issue affects Add Code To Head: from n/a through <= 1.17. | ||||