Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
6026 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58672 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.4 Medium |
| Missing Authorization vulnerability in Tareq Hasan WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.1.11. | ||||
| CVE-2025-58671 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in morganrichards Auction Feed allows Stored XSS. This issue affects Auction Feed: from n/a through 1.1.3. | ||||
| CVE-2025-58670 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection allows Stored XSS. This issue affects WP Content Protection: from n/a through 1.3. | ||||
| CVE-2025-58669 | 3 Magento, Modern Minds, Wordpress | 3 Magento, Magento 2 Wordpress Integration, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration allows Stored XSS. This issue affects Magento 2 WordPress Integration: from n/a through 1.4.1. | ||||
| CVE-2025-58668 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS : from n/a through 4.970. | ||||
| CVE-2025-58667 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.4 Medium |
| Missing Authorization vulnerability in CridioStudio ListingPro Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro Reviews: from n/a through 1.6. | ||||
| CVE-2025-58666 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Website Chat Button: Kommo integration: from n/a through 1.3.1. | ||||
| CVE-2025-58665 | 2 Tmontg1, Wordpress | 2 Form Generator, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress allows Stored XSS. This issue affects Form Generator for WordPress: from n/a through 1.5.2. | ||||
| CVE-2025-58664 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Text To Speech TTS Accessibility: from n/a through 1.9.20. | ||||
| CVE-2025-58663 | 2 Themeum, Wordpress | 2 Qubely, Wordpress | 2025-09-23 | 4.3 Medium |
| Missing Authorization vulnerability in Themeum Qubely allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Qubely: from n/a through 1.8.14. | ||||
| CVE-2025-58662 | 2 Getawesomesupport, Wordpress | 2 Awesome Support, Wordpress | 2025-09-23 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support allows Object Injection. This issue affects Awesome Support: from n/a through 6.3.4. | ||||
| CVE-2025-58661 | 2 Ezee Technosys, Wordpress | 2 Ezee Online Hotel Booking Engine, Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eZee Technosys eZee Online Hotel Booking Engine allows Stored XSS. This issue affects eZee Online Hotel Booking Engine: from n/a through 1.0.0. | ||||
| CVE-2025-58660 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.4 Medium |
| Missing Authorization vulnerability in brandexponents Oshine Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oshine Core: from n/a through 1.5.5. | ||||
| CVE-2025-58659 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.3 Medium |
| Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ allows Retrieve Embedded Sensitive Data. This issue affects Helpie FAQ: from n/a through 1.39. | ||||
| CVE-2025-58658 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications allows Stored XSS. This issue affects Proof Factor – Social Proof Notifications: from n/a through 1.0.5. | ||||
| CVE-2025-58657 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid allows Stored XSS. This issue affects Grid: from n/a through 2.3.1. | ||||
| CVE-2025-58656 | 3 Risto Niinemets, Woocommerce, Wordpress | 3 Estonian Shipping Methods, Woocommerce, Wordpress | 2025-09-23 | 5.3 Medium |
| Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2. | ||||
| CVE-2025-58655 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mattia Roccoberton Category Featured Images allows Stored XSS. This issue affects Category Featured Images: from n/a through 1.1.8. | ||||
| CVE-2025-58654 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language allows DOM-Based XSS. This issue affects xili-language: from n/a through 2.21.3. | ||||
| CVE-2025-58653 | 2 Js Morisset, Wordpress | 2 Jsm Shortcode, Wordpress | 2025-09-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JS Morisset JSM file_get_contents() Shortcode allows Stored XSS. This issue affects JSM file_get_contents() Shortcode: from n/a through 2.7.1. | ||||