Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
6026 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24699 | 2 Wordpress, Wow-company | 2 Wordpress, Wp Coder | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6. | ||||
| CVE-2025-24706 | 2 Multivendorx, Wordpress | 2 Wc Marketplace, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Stored XSS. This issue affects WC Marketplace: from n/a through 4.2.13. | ||||
| CVE-2025-24716 | 2 Wordpress, Wow-company | 2 Wordpress, Herd Effects | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1. | ||||
| CVE-2025-24720 | 2 Wordpress, Wow-company | 2 Wordpress, Sticky Buttons | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1. | ||||
| CVE-2025-24734 | 2 Codesolz, Wordpress | 2 Better Find And Replace, Wordpress | 2025-07-12 | 8.8 High |
| Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7. | ||||
| CVE-2025-24740 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2025-07-12 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1. | ||||
| CVE-2025-24751 | 2 Godaddy, Wordpress | 2 Coblocks, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13. | ||||
| CVE-2025-24752 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Essential Addons For Elementor | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Reflected XSS. This issue affects Essential Addons for Elementor: from n/a through 6.0.14. | ||||
| CVE-2025-25080 | 2 Gubbigubbi, Wordpress | 2 Kona Gallery Block, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7. | ||||
| CVE-2025-25151 | 2 Stylemixthemes, Wordpress | 2 Ulisting, Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes uListing allows SQL Injection. This issue affects uListing: from n/a through 2.1.6. | ||||
| CVE-2025-26742 | 2 Ghozylab, Wordpress | 2 Gallery For Social Photo, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35. | ||||
| CVE-2025-26760 | 2 Wordpress, Wow-company | 2 Wordpress, Calculator-builder | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder allows PHP Local File Inclusion. This issue affects Calculator Builder: from n/a through 1.6.2. | ||||
| CVE-2025-26762 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 9.7.0. | ||||
| CVE-2025-26932 | 2 Quantumcloud, Wordpress | 3 Chatbot, Wpbot, Wordpress | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5. | ||||
| CVE-2025-26951 | 2 Covertnine, Wordpress | 2 C9 Blocks, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7. | ||||
| CVE-2025-26995 | 2 Anton Vanyukov, Wordpress | 2 Market Exporter, Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21. | ||||
| CVE-2025-27294 | 2 Platcom, Wordpress | 2 Wp-asambleas, Wordpress | 2025-07-12 | 4.8 Medium |
| Missing Authorization vulnerability in platcom WP-Asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through 2.85.0. | ||||
| CVE-2025-2477 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.7 Medium |
| The CryoKey plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ckemail’ parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-2542 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2025-2802 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.3 High |
| The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||