Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
7123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62949 | 2 Buddydev, Wordpress | 2 Activity Plus Reloaded For Buddypress, Wordpress | 2025-11-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from n/a through <= 1.1.2. | ||||
| CVE-2025-62948 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Konstantin Pankratov Date counter date-counter allows Stored XSS.This issue affects Date counter: from n/a through <= 2.0.3. | ||||
| CVE-2025-62947 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.3. | ||||
| CVE-2025-62946 | 2 Everestthemes, Wordpress | 2 Everest Backup, Wordpress | 2025-11-13 | 8.8 High |
| Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8. | ||||
| CVE-2025-62945 | 2 Eduard Pinuaga Linares, Wordpress | 2 Did Prestashop Display, Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= 1.0.30. | ||||
| CVE-2025-62944 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.8 Critical |
| Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: from n/a through <= 1.4. | ||||
| CVE-2025-62943 | 2 Matt Mcinvale, Wordpress | 2 Next Page, Wordpress | 2025-11-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt McInvale Next Page, Not Next Post next-page-not-next-post allows Stored XSS.This issue affects Next Page, Not Next Post: from n/a through <= 0.3.0. | ||||
| CVE-2025-62942 | 2 Tempranova, Wordpress | 2 Wp Mapbox Gl Js Maps, Wordpress | 2025-11-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tempranova WP Mapbox GL JS Maps wp-mapbox-gl-js allows Stored XSS.This issue affects WP Mapbox GL JS Maps: from n/a through <= 3.0.1. | ||||
| CVE-2025-62941 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Events Maker by dFactory events-maker allows Stored XSS.This issue affects Events Maker by dFactory: from n/a through <= 1.6.14. | ||||
| CVE-2025-62940 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Diego Blox Lite blox-lite allows Stored XSS.This issue affects Blox Lite: from n/a through <= 1.2.8. | ||||
| CVE-2025-62939 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Open Currency Converter artiss-currency-converter allows Stored XSS.This issue affects Open Currency Converter: from n/a through <= 1.5.0. | ||||
| CVE-2025-62938 | 2 Reoon Technology, Wordpress | 2 Reoon Email Verifier, Wordpress | 2025-11-13 | 8.1 High |
| Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through <= 2.0.1. | ||||
| CVE-2025-62937 | 2 Johnny, Wordpress | 2 Post List Featured Image, Wordpress | 2025-11-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johnny Post List Featured Image post-list-featured-image allows Stored XSS.This issue affects Post List Featured Image: from n/a through <= 0.5.9. | ||||
| CVE-2025-62936 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Jthemes xSmart xsmart allows Code Injection.This issue affects xSmart: from n/a through <= 1.2.9.4. | ||||
| CVE-2025-62935 | 3 Ilmosys, Woocommerce, Wordpress | 3 Open Close Woocommerce Store, Woocommerce, Wordpress | 2025-11-13 | 8.1 High |
| Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.8. | ||||
| CVE-2025-62934 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through <= 1.4. | ||||
| CVE-2025-62933 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1. | ||||
| CVE-2025-62932 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by RioVizual: from n/a through <= 2.3.2. | ||||
| CVE-2025-62931 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.8.7. | ||||
| CVE-2025-62930 | 2 Mapsvg, Wordpress | 2 Mapsvg, Wordpress | 2025-11-13 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through <= 8.7.15. | ||||