Filtered by vendor Wordpress
Subscriptions
Total
5588 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31590 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Denra.com WP Date and Time Shortcode allows Stored XSS. This issue affects WP Date and Time Shortcode: from n/a through 2.6.7. | ||||
| CVE-2024-11432 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-39375 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ashok G Easy Child Theme Creator allows Cross Site Request Forgery.This issue affects Easy Child Theme Creator: from n/a through 1.3.1. | ||||
| CVE-2024-5788 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-37452 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery.This issue affects Schema Lite: from n/a through 1.2.2. | ||||
| CVE-2024-32954 | 2 Tribulant, Wordpress | 2 Newsletters, Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | ||||
| CVE-2025-27327 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Winlin Live Streaming Video Player – by SRS Player allows DOM-Based XSS. This issue affects Live Streaming Video Player – by SRS Player: from n/a through 1.0.18. | ||||
| CVE-2024-32555 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6. | ||||
| CVE-2024-13320 | 2 Villatheme, Wordpress | 2 Curcy - Woocommerce Multi Currency - Currency Switcher, Wordpress | 2025-07-12 | 7.5 High |
| The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-27356 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Hardik Sticky Header On Scroll allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sticky Header On Scroll: from n/a through 1.0. | ||||
| CVE-2024-49266 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thimo Grauerholz WP-Spreadplugin allows Stored XSS.This issue affects WP-Spreadplugin: from n/a through 4.8.9. | ||||
| CVE-2025-32193 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMinds Simple WP Events allows Stored XSS. This issue affects Simple WP Events: from n/a through 1.8.17. | ||||
| CVE-2025-39551 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47. | ||||
| CVE-2024-54239 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18. | ||||
| CVE-2024-32529 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Momoyoga Yoga Schedule Momoyoga allows Stored XSS.This issue affects Yoga Schedule Momoyoga: from n/a through 2.7.0. | ||||
| CVE-2024-52447 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.6 High |
| Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through 1.6.1. | ||||
| CVE-2024-12815 | 2 Wordpress, Zipang | 2 Wordpress, Point Maker | 2025-07-12 | 6.4 Medium |
| The Point Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'point_maker' shortcode in all versions up to, and including, 0.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23885 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5.2.3. | ||||
| CVE-2024-33916 | 2 Machothemes, Wordpress | 2 Cpo Companion, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MachoThemes CPO Companion allows Stored XSS.This issue affects CPO Companion: from n/a through 1.1.0. | ||||
| CVE-2025-27345 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Reflected XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.19. | ||||