Filtered by vendor Wordpress
Subscriptions
Total
5612 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56293 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasirahmed Advanced Form Integration allows Stored XSS.This issue affects Advanced Form Integration: from n/a through 1.95.0. | ||||
| CVE-2024-47333 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Tangible Loops & Logic allows Reflected XSS.This issue affects Loops & Logic: from n/a through 4.1.4. | ||||
| CVE-2025-27301 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager allows Object Injection. This issue affects NHR Options Table Manager: from n/a through 1.1.2. | ||||
| CVE-2024-34770 | 2 Popup Maker, Wordpress | 2 Popup Maker Wp, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP allows Stored XSS.This issue affects Popup Maker WP: from n/a through 1.2.8. | ||||
| CVE-2025-39441 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Dashboard Notepads allows Stored XSS. This issue affects Dashboard Notepads: from n/a through 1.2.1. | ||||
| CVE-2024-53794 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0. | ||||
| CVE-2025-23549 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Maniac SEO allows Reflected XSS. This issue affects Maniac SEO: from n/a through 2.0. | ||||
| CVE-2024-56065 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder.biz Team WP2LEADS allows Reflected XSS.This issue affects WP2LEADS: from n/a through 3.4.2. | ||||
| CVE-2024-54434 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue affects phZoom: from n/a through 1.2.92. | ||||
| CVE-2024-32528 | 2 Seerox, Wordpress | 2 Wp Dynamic Keywords Injector, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS.This issue affects WP Dynamic Keywords Injector: from n/a through 2.3.18. | ||||
| CVE-2025-24702 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xagio Xagio SEO allows Stored XSS. This issue affects Xagio SEO: from n/a through 7.0.0.20. | ||||
| CVE-2024-53771 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sergio Micó SimpleSchema allows DOM-Based XSS.This issue affects SimpleSchema: from n/a through 1.7.6.9. | ||||
| CVE-2023-26002 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5. | ||||
| CVE-2025-30934 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a through 1.4.16. | ||||
| CVE-2025-46442 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3. | ||||
| CVE-2024-29820 | 2 Rednao, Wordpress | 2 Pdf Builder For Wpforms, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedNao PDF Builder for WPForms allows Stored XSS.This issue affects PDF Builder for WPForms: from n/a through 1.2.88. | ||||
| CVE-2025-28880 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Blue Captcha allows Reflected XSS. This issue affects Blue Captcha: from n/a through 1.7.4. | ||||
| CVE-2024-33538 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1. | ||||
| CVE-2025-26873 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in Shine theme Traveler.This issue affects Traveler: from n/a before 3.2.1. | ||||
| CVE-2024-2948 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user_favorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'no_favorites'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||