Filtered by vendor Wordpress Subscriptions
Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 11882 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-31745 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This issue affects Subscription Form for Feedblitz: from n/a through <= 1.0.9.
CVE-2025-31744 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows Stored XSS.This issue affects Lightweight and Responsive Youtube Embed: from n/a through <= 1.0.0.
CVE-2025-31743 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows Stored XSS.This issue affects Lightweight and Responsive Youtube Embed: from n/a through <= 1.0.0.
CVE-2025-31742 1 Wordpress 1 Wordpress 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelDima Dima Take Action dima-take-action allows Stored XSS.This issue affects Dima Take Action: from n/a through <= 1.0.5.
CVE-2025-31741 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filtr8 Easy Magazine filtr8-magazine allows DOM-Based XSS.This issue affects Easy Magazine: from n/a through <= 2.1.13.
CVE-2025-31738 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yazamodeveloper LeadQuizzes leadquizzes allows Stored XSS.This issue affects LeadQuizzes: from n/a through <= 1.1.0.
CVE-2025-31737 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dxladner Client Showcase client-showcase allows Stored XSS.This issue affects Client Showcase: from n/a through <= 1.2.0.
CVE-2025-31736 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1.
CVE-2025-31733 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through <= 1.0.0.
CVE-2025-31731 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip John Author Bio Shortcode author-bio-shortcode allows Stored XSS.This issue affects Author Bio Shortcode: from n/a through <= 2.5.3.
CVE-2025-31730 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons marketer-addons allows Stored XSS.This issue affects Marketer Addons: from n/a through <= 1.0.1.
CVE-2025-31643 2 Dasinfomedia, Wordpress 2 Wpchurch Church Management System, Wordpress 2026-04-23 8.8 High
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH church-management allows Privilege Escalation.This issue affects WPCHURCH: from n/a through <= 2.7.0.
CVE-2025-31642 2 Dasinfomedia, Wordpress 2 Wpchurch Church Management System, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH church-management allows Reflected XSS.This issue affects WPCHURCH: from n/a through <= 2.7.0.
CVE-2025-31641 1 Wordpress 1 Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider uber-classic allows SQL Injection.This issue affects UberSlider: from n/a through < 2.6.
CVE-2025-31639 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare spare allows Cross Site Request Forgery.This issue affects Spare: from n/a through <= 1.7.
CVE-2025-31637 1 Wordpress 1 Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows SQL Injection.This issue affects SHOUT: from n/a through <= 3.5.3.
CVE-2025-31632 1 Wordpress 1 Wordpress 2026-04-23 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom laboom allows PHP Local File Inclusion.This issue affects La Boom: from n/a through <= 2.7.
CVE-2025-31630 1 Wordpress 1 Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in themeton The Business nrgbusiness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Business: from n/a through <= 1.6.1.
CVE-2025-31629 1 Wordpress 1 Wordpress 2026-04-23 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript infusionsoft-web-form-javascript allows Stored XSS.This issue affects Infusionsoft Web Form JavaScript: from n/a through <= 1.1.1.
CVE-2025-31628 2 Slicedinvoices, Wordpress 2 Sliced Invoices, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in SlicedInvoices Sliced Invoices sliced-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliced Invoices: from n/a through <= 3.10.0.