Filtered by vendor Wordpress
Filtered by product Wordpress
Total: 6026 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-3702 | 2 Melapress, Wordpress | 2 Melapress File Monitor, Wordpress | 2025-07-09 | 5.4 Medium |
Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Melapress File Monitor: from n/a before 2.2.0. | ||||
CVE-2025-53258 | 2 Wordpress, Wow-company | 2 Wordpress, Hover Effects | 2025-07-08 | 7.6 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection. This issue affects Hover Effects: from n/a through 2.1.2. | ||||
CVE-2025-5338 | 3 Royal-elementor-addons, Wordpress, Wproyal | 3 Royal Elementor Addons, Wordpress, Royal Elementor Addons And Templates | 2025-07-08 | 6.4 Medium |
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-5932 | 2 Coolrunner, Wordpress | 3 Homerunner, Homerunner Plugin, Wordpress | 2025-07-07 | 4.3 Medium |
The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2025-6252 | 2 Qodeinteractive, Wordpress | 2 Qi Addons For Elementor, Wordpress | 2025-07-07 | 6.4 Medium |
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-53202 | 2 Cyberchimps, Wordpress | 2 Responsive Blocks, Wordpress | 2025-07-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows DOM-Based XSS. This issue affects Responsive Blocks: from n/a through 2.0.6. | ||||
CVE-2025-53311 | 2 Amol Nirmala Waman, Wordpress | 2 Navayan Subscribe Plugin, Wordpress | 2025-07-06 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in Amol Nirmala Waman Navayan Subscribe allows Stored XSS. This issue affects Navayan Subscribe: from n/a through 1.13. | ||||
CVE-2025-52774 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2025-07-06 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global allows Reflected XSS. This issue affects Infility Global: from n/a through 2.12.7. | ||||
CVE-2025-53259 | 2 Nicdark, Wordpress | 2 Hotel Booking, Wordpress | 2025-07-06 | 7.5 High |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.7. | ||||
CVE-2025-53315 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2025-07-06 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in alanft Relocate Upload allows Stored XSS. This issue affects Relocate Upload: from n/a through 0.24.1. | ||||
CVE-2025-52834 | 2 Favethemes, Wordpress | 2 Homey, Wordpress | 2025-07-06 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in favethemes Homey allows SQL Injection. This issue affects Homey: from n/a through 2.4.5. | ||||
CVE-2025-53278 | 2 Wordpress, Wpeka | 2 Wordpress, Wp Adcenter | 2025-07-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter allows Stored XSS. This issue affects WP AdCenter: from n/a through 2.6.0. | ||||
CVE-2025-53276 | 2 Omnipressteam, Wordpress | 2 Omnipress, Wordpress | 2025-07-06 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress allows DOM-Based XSS. This issue affects Omnipress: from n/a through 1.6.3. | ||||
CVE-2025-49883 | 2 Thembay, Wordpress | 2 Greenmart, Wordpress | 2025-07-06 | 8.1 High |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart allows PHP Local File Inclusion. This issue affects Greenmart: from n/a through 4.2.3. | ||||
CVE-2025-53200 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2025-07-06 | 4.3 Medium |
Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3. | ||||
CVE-2025-39362 | 2 Mollie, Wordpress | 2 Mollie Payments For Woocommerce, Wordpress | 2025-07-06 | 6.5 Medium |
Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce. This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2. | ||||
CVE-2025-32642 | 2 Appsbd, Wordpress | 2 Vite Coupon Plugin, Wordpress | 2025-06-27 | 10 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7. | ||||
CVE-2025-32660 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2025-06-27 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
CVE-2025-39380 | 2 Hospital Management System, Wordpress | 2 Hospital Management System, Wordpress | 2025-06-27 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from n/a through 47.0(20-11-2023). | ||||
CVE-2025-39401 | 2 Mojoomla, Wordpress | 2 Wpams Plugin, Wordpress | 2025-06-27 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server. This issue affects WPAMS: from n/a through 44.0 (17-08-2023). |