Filtered by vendor Wordpress
Subscriptions
Total
5608 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31445 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pages Order allows Reflected XSS. This issue affects Pages Order: from n/a through 1.1.3. | ||||
| CVE-2025-39498 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data.This issue affects Spotlight - Social Media Feeds (Premium): from n/a through 1.7.1. | ||||
| CVE-2024-11867 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13463 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-31833 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in themeglow JobBoard Job listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoard Job listing: from n/a through 1.2.7. | ||||
| CVE-2024-51923 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Websand Websand Subscription Form allows Stored XSS.This issue affects Websand Subscription Form: from n/a through 1.0.3. | ||||
| CVE-2024-55983 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through 1.0.6. | ||||
| CVE-2025-22582 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Nellé Uptime Robot allows Stored XSS.This issue affects Uptime Robot: from n/a through 0.1.3. | ||||
| CVE-2024-32821 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through 4.9.9. | ||||
| CVE-2025-3781 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raisely_donation_form shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-30980 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5. | ||||
| CVE-2025-46529 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StressFree Sites Business Contact Widget allows Stored XSS. This issue affects Business Contact Widget: from n/a through 2.7.0. | ||||
| CVE-2024-10588 | 2 Eugenbobrowski, Wordpress | 2 Debug Tool, Wordpress | 2025-07-12 | 4.3 Medium |
| The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well. | ||||
| CVE-2025-30594 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Include URL allows Path Traversal. This issue affects Include URL: from n/a through 0.3.5. | ||||
| CVE-2024-11333 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-31842 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration allows Retrieve Embedded Sensitive Data. This issue affects Viral Loops WP Integration: from n/a through 3.4.0. | ||||
| CVE-2024-13412 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions. | ||||
| CVE-2024-43208 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Miller Media ( Matt Miller ) Send Emails with Mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through 1.4.1. | ||||
| CVE-2024-29816 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in htdat Woo Viet allows Stored XSS.This issue affects Woo Viet: from n/a through 1.5.2. | ||||
| CVE-2024-30231 | 2 Webtoffee, Wordpress | 2 Product Import Export For Woocommerce, Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. | ||||