Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
4898 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53581 | 2 Artiosmedia, Wordpress | 2 Rss Feed Pro, Wordpress | 2025-08-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through 1.1.8. | ||||
| CVE-2025-53347 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2025-08-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3. | ||||
| CVE-2025-52767 | 2 Lisensee, Wordpress | 2 Netinsight Analytics Implementation Plugin, Wordpress | 2025-08-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3. | ||||
| CVE-2025-54740 | 2 Michael Nelson, Wordpress | 2 Print My Blog, Wordpress | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.9. | ||||
| CVE-2025-54739 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2025-08-15 | 5.3 Medium |
| Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through 4.5.4. | ||||
| CVE-2025-55714 | 2 Crocoblock, Wordpress | 2 Jetelements For Elementor, Wordpress | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.9. | ||||
| CVE-2025-55713 | 2 Creativethemes, Wordpress | 2 Blocksy, Wordpress | 2025-08-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.1.6. | ||||
| CVE-2025-53219 | 2 Pl4g4, Wordpress | 2 Wp-database-optimizer-tools, Wordpress | 2025-08-15 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through 0.2. | ||||
| CVE-2025-53582 | 2 Wordlift, Wordpress | 2 Wordlift, Wordpress | 2025-08-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a through 3.54.5. | ||||
| CVE-2025-53341 | 2 Themovation, Wordpress | 2 Stratus, Wordpress | 2025-08-15 | 4.3 Medium |
| Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5. | ||||
| CVE-2025-52765 | 2 Lisensee, Wordpress | 2 Netinsight Analytics Implementation Plugin, Wordpress | 2025-08-15 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3. | ||||
| CVE-2025-52797 | 2 Josepsitjar, Wordpress | 2 Storymap, Wordpress | 2025-08-15 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1. | ||||
| CVE-2025-49321 | 2 Themewinter, Wordpress | 2 Eventin, Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28. | ||||
| CVE-2025-49064 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User Language Switch: from n/a through 1.6.10. | ||||
| CVE-2025-49063 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through 1.4.6. | ||||
| CVE-2025-49062 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through 2.0.3. | ||||
| CVE-2025-25174 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 10 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 Extensions: from n/a through 1.9.4. | ||||
| CVE-2025-49061 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a through 0.9.1. | ||||
| CVE-2025-28962 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 6.5 Medium |
| Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Google Universal Analytics: from n/a through 1.0.3. | ||||
| CVE-2025-28979 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2025-08-14 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3. | ||||