Filtered by vendor Wordpress
Subscriptions
Total
5178 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24541 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emili Castells DK White Label allows Reflected XSS. This issue affects DK White Label: from n/a through 1.0. | ||||
| CVE-2025-24556 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 7.5 High |
| Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle allows Retrieve Embedded Sensitive Data. This issue affects MooWoodle: from n/a through 3.2.4. | ||||
| CVE-2025-24569 | 2 Redefiningtheweb, Wordpress | 2 Pdf Generator Addon For Elementor Page Builder, Wordpress | 2025-02-03 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Path Traversal. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5. | ||||
| CVE-2025-24684 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5. | ||||
| CVE-2025-22685 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to Keywords allows Stored XSS. This issue affects Tags to Keywords: from n/a through 1.0.1. | ||||
| CVE-2025-22688 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through 0.2.6. | ||||
| CVE-2025-24642 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 6.5 Medium |
| Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2. | ||||
| CVE-2025-24643 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 6.5 Medium |
| Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. | ||||
| CVE-2025-22292 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felipe Peixoto Powerful Auto Chat allows Stored XSS. This issue affects Powerful Auto Chat: from n/a through 1.9.8. | ||||
| CVE-2025-22682 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hesabfa Hesabfa Accounting allows Reflected XSS. This issue affects Hesabfa Accounting: from n/a through 2.1.2. | ||||
| CVE-2025-22684 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking allows Stored XSS. This issue affects WP BASE Booking: from n/a through 5.0.0. | ||||
| CVE-2025-23984 | 1 Wordpress | 1 Wordpress | 2025-02-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS. This issue affects Dynamic URL SEO: from n/a through 1.0. | ||||
| CVE-2024-13767 | 1 Wordpress | 1 Wordpress | 2025-01-31 | 8.1 High |
| The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2024-13396 | 1 Wordpress | 1 Wordpress | 2025-01-31 | 6.4 Medium |
| The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionless_form' shortcode[s] in all versions up to, and including, 0.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13717 | 2 Vcita, Wordpress | 2 Contact Form And Calls To Action By Vcita, Wordpress | 2025-01-31 | 4.3 Medium |
| The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to enabled and disable widgets. | ||||
| CVE-2024-44055 | 1 Wordpress | 1 Wordpress | 2025-01-31 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. This issue affects Oshine Modules: from n/a through n/a. | ||||
| CVE-2024-13566 | 1 Wordpress | 1 Wordpress | 2025-01-31 | 6.4 Medium |
| The WP DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 0.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-22341 | 1 Wordpress | 1 Wordpress | 2025-01-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad Hossein Aghanabi Hide Login+ allows Reflected XSS. This issue affects Hide Login+: from n/a through 3.5.1. | ||||
| CVE-2025-22564 | 1 Wordpress | 1 Wordpress | 2025-01-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faaiq Pretty Url allows Reflected XSS. This issue affects Pretty Url: from n/a through 1.5.4. | ||||
| CVE-2025-23978 | 1 Wordpress | 1 Wordpress | 2025-01-31 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ninos Ego FlashCounter allows Stored XSS. This issue affects FlashCounter: from n/a through 1.1.8. | ||||