Filtered by vendor Wordpress
Total: 5178 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-1061 | 2 Nextendweb, Wordpress | 2 Nextend Social Login Pro, Wordpress | 2025-02-07 | 9.8 Critical |
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
CVE-2025-25085 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5. | ||||
CVE-2025-25096 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1. | ||||
CVE-2025-25095 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1. | ||||
CVE-2025-25093 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.1 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal. This issue affects Child Themes Helper: from n/a through 2.2.7. | ||||
CVE-2025-25104 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20. | ||||
CVE-2025-25080 | 2 Gubbigubbi, Wordpress | 2 Kona Gallery Block, Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7. | ||||
CVE-2025-25081 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 4.2 Medium |
Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1. | ||||
CVE-2025-25088 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5. | ||||
CVE-2025-25097 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1. | ||||
CVE-2025-25106 | 2 Fancywp, Wordpress | 2 Starter Templates, Wordpress | 2025-02-07 | 9.6 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0. | ||||
CVE-2025-25107 | 2 Sainwp, Wordpress | 2 Onestore Sites, Wordpress | 2025-02-07 | 9.6 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1. | ||||
CVE-2025-25101 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 9.6 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7. | ||||
CVE-2025-25105 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1. | ||||
CVE-2024-13607 | 1 Wordpress | 1 Wordpress | 2025-02-04 | 4.3 Medium |
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user. | ||||
CVE-2024-13514 | 1 Wordpress | 1 Wordpress | 2025-02-04 | 4.3 Medium |
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to. | ||||
CVE-2025-24677 | 1 Wordpress | 1 Wordpress | 2025-02-04 | 9.9 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3. | ||||
CVE-2025-24602 | 1 Wordpress | 1 Wordpress | 2025-02-04 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14. | ||||
CVE-2025-24599 | 2 Tribulant, Wordpress | 2 Newsletters, Wordpress | 2025-02-04 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6. | ||||
CVE-2025-22700 | 1 Wordpress | 1 Wordpress | 2025-02-04 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0. |