Filtered by vendor Wordpress
Subscriptions
Total
11498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27339 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery.This issue affects Minimum Password Strength: from n/a through <= 1.2.0. | ||||
| CVE-2025-27333 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alvego Protected wp-login protected-wp-login allows Reflected XSS.This issue affects Protected wp-login: from n/a through <= 2.1. | ||||
| CVE-2025-27329 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inlinkz EZ InLinkz linkup inlinkz-scripter allows DOM-Based XSS.This issue affects EZ InLinkz linkup: from n/a through <= 0.18. | ||||
| CVE-2025-27328 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in queeez WP-PostRatings Cheater wp-postratings-cheater allows Cross Site Request Forgery.This issue affects WP-PostRatings Cheater: from n/a through <= 1.5. | ||||
| CVE-2025-27327 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Winlin Live Streaming Video Player – by SRS Player srs-player allows DOM-Based XSS.This issue affects Live Streaming Video Player – by SRS Player: from n/a through <= 1.0.18. | ||||
| CVE-2025-27323 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jon Bishop WP About Author wp-about-author allows DOM-Based XSS.This issue affects WP About Author: from n/a through <= 1.5. | ||||
| CVE-2025-27320 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pankaj Mondal Profile Widget Ninja profile-widget-ninja allows DOM-Based XSS.This issue affects Profile Widget Ninja: from n/a through <= 4.3. | ||||
| CVE-2025-27319 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivan82 User List user-list allows Reflected XSS.This issue affects User List: from n/a through <= 1.5.1. | ||||
| CVE-2025-27317 | 2 It-rays, Wordpress | 2 Rays Grid, Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid rays-grid allows Cross Site Request Forgery.This issue affects RAYS Grid: from n/a through <= 1.3.1. | ||||
| CVE-2025-27316 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG Compression and Optimization wp-image-compression allows Cross Site Request Forgery.This issue affects JPG, PNG Compression and Optimization: from n/a through <= 1.7.35. | ||||
| CVE-2025-27313 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bernd Altmeier Google Maps GPX Viewer google-maps-gpx-viewer allows Reflected XSS.This issue affects Google Maps GPX Viewer: from n/a through <= 3.6. | ||||
| CVE-2025-27311 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Content Creator bulk-content-creator allows Cross Site Request Forgery.This issue affects Bulk Content Creator: from n/a through <= 1.2.1. | ||||
| CVE-2025-27307 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oooorgle Quotes llama quotes-llama allows Reflected XSS.This issue affects Quotes llama: from n/a through <= 3.0.1. | ||||
| CVE-2025-27306 | 2 Pathomation, Wordpress | 2 Pathomation, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pathomation Pathomation pathomation allows Stored XSS.This issue affects Pathomation: from n/a through <= 2.5.1. | ||||
| CVE-2025-27304 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelogger Contact Form 7 Star Rating with font Awesome contact-form-7-star-rating-with-font-awersome allows Stored XSS.This issue affects Contact Form 7 Star Rating with font Awesome: from n/a through <= 1.3. | ||||
| CVE-2025-27301 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager nhrrob-options-table-manager allows Object Injection.This issue affects NHR Options Table Manager: from n/a through <= 1.1.2. | ||||
| CVE-2025-27299 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Asia MyTicket Events myticket-events allows Path Traversal.This issue affects MyTicket Events: from n/a through <= 1.2.4. | ||||
| CVE-2025-27296 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue revenueflex-easy-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue: from n/a through <= 1.5. | ||||
| CVE-2025-27294 | 2 Platcom, Wordpress | 2 Wp-asambleas, Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through <= 2.85.0. | ||||
| CVE-2025-27293 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webparexapp Shipmozo Courier Tracking webparex allows Reflected XSS.This issue affects Shipmozo Courier Tracking: from n/a through <= 1.0. | ||||