Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11882 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31443 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Furtak KK I Like It kk-i-like-it allows Stored XSS.This issue affects KK I Like It: from n/a through <= 1.7.5.3. | ||||
| CVE-2025-31438 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Benoit De Boeck WP Supersized wp-supersized allows Cross Site Request Forgery.This issue affects WP Supersized: from n/a through <= 3.1.6. | ||||
| CVE-2025-31433 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Miguel Sirvent Magic Embeds wp-embed-facebook allows Stored XSS.This issue affects Magic Embeds: from n/a through <= 3.1.2. | ||||
| CVE-2025-31432 | 2 Chop-chop, Wordpress | 2 Pop-up Chop Chop, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Chop Chop Pop-Up Chop Chop pop-up allows PHP Local File Inclusion.This issue affects Pop-Up Chop Chop: from n/a through <= 2.1.7. | ||||
| CVE-2025-31430 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton The Business nrgbusiness allows Object Injection.This issue affects The Business: from n/a through <= 1.6.1. | ||||
| CVE-2025-31428 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO hydro allows Reflected XSS.This issue affects HYDRO: from n/a through <= 2.8. | ||||
| CVE-2025-31425 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Lead Capturing Pages: from n/a through < 2.6. | ||||
| CVE-2025-31418 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel gravel allows Reflected XSS.This issue affects Gravel: from n/a through <= 1.6. | ||||
| CVE-2025-31417 | 2 Fahad Mahmood, Wordpress | 2 Wp Docs, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through < 2.2.7. | ||||
| CVE-2025-31415 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yayextra | 2026-04-23 | 7.6 High |
| Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2. | ||||
| CVE-2025-31413 | 2 Bdthemes, Wordpress | 2 Element Pack Elementor Addons, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13. | ||||
| CVE-2025-31409 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core bridge-core allows Stored XSS.This issue affects Bridge Core: from n/a through < 3.3.1. | ||||
| CVE-2025-31404 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend af-tell-a-friend allows Stored XSS.This issue affects AF Tell a Friend: from n/a through <= 1.4. | ||||
| CVE-2025-31403 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification booking-calendar-and-notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through <= 4.0.3. | ||||
| CVE-2025-31401 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas mmx-make-me-christmas allows Stored XSS.This issue affects MMX – Make Me Christmas: from n/a through <= 1.0.0. | ||||
| CVE-2025-31400 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player ws-audio-player allows Stored XSS.This issue affects WS Audio Player: from n/a through <= 1.1.8. | ||||
| CVE-2025-31398 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose pimp allows Object Injection.This issue affects PIMP - Creative MultiPurpose: from n/a through <= 1.7. | ||||
| CVE-2025-31395 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS easy-custom-css allows Stored XSS.This issue affects Easy Custom CSS: from n/a through <= 1.0. | ||||
| CVE-2025-31394 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters more-mime-type-filters allows Stored XSS.This issue affects More Mime Type Filters: from n/a through <= 0.3. | ||||
| CVE-2025-31393 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED social-bookmarking-reloaded allows Stored XSS.This issue affects Social Bookmarking RELOADED: from n/a through <= 3.18. | ||||