Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
8957 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66158 | 2 Merkulove, Wordpress | 2 Gmaper For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Gmaper for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gmaper for Elementor: from n/a through 1.0.9. | ||||
| CVE-2025-62101 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah allows Cross Site Request Forgery.This issue affects Pardakht Delkhah: from n/a through 3.0.0. | ||||
| CVE-2025-49337 | 2 Janhenckens, Wordpress | 2 Dashboard Beacon, Wordpress | 2026-01-05 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janhenckens Dashboard Beacon allows Stored XSS.This issue affects Dashboard Beacon: from n/a through 1.2.0. | ||||
| CVE-2025-66159 | 2 Merkulove, Wordpress | 2 Walker For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Walker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through 1.1.6. | ||||
| CVE-2025-66157 | 2 Merkulove, Wordpress | 2 Slider For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider for Elementor: from n/a through 1.0.10. | ||||
| CVE-2025-62123 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ink themes WP Gmail SMTP allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through 1.0.7. | ||||
| CVE-2025-49339 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Missing Authorization vulnerability in Digages Direct Payments WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through 1.3.0. | ||||
| CVE-2025-49340 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0. | ||||
| CVE-2025-66156 | 2 Merkulove, Wordpress | 2 Watcher For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Watcher for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through 1.0.9. | ||||
| CVE-2025-62083 | 2 Wordpress, Wp Messiah | 2 Wordpress, Wordpress Coming Soon Plugin | 2026-01-05 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon Plugin allows Retrieve Embedded Sensitive Data.This issue affects BoomDevs WordPress Coming Soon Plugin: from n/a through 1.0.4. | ||||
| CVE-2025-63021 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetipi Valenti Engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through 1.0.3. | ||||
| CVE-2025-62874 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6. | ||||
| CVE-2025-53235 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osuthorpe Easy Social allows Reflected XSS.This issue affects Easy Social: from n/a through 1.3. | ||||
| CVE-2025-23667 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill allows Reflected XSS.This issue affects custom-post-edit: from n/a through 1.0.4. | ||||
| CVE-2025-66150 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through 1.1.1. | ||||
| CVE-2025-23757 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proloy Chakroborty ZD Scribd iPaper allows Reflected XSS.This issue affects ZD Scribd iPaper: from n/a through 1.0. | ||||
| CVE-2025-31054 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. | ||||
| CVE-2025-50053 | 3 Google, Nebelhorn, Wordpress | 3 Android, Blappsta Mobile App Plugin, Wordpress | 2026-01-05 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin & Your native, mobile iPhone App and Android App allows Reflected XSS.This issue affects Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App: from n/a through 0.8.8.8. | ||||
| CVE-2025-66149 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove UnGrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through 3.1.3. | ||||
| CVE-2025-66144 | 2 Merkulove, Wordpress | 2 Worker For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Worker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through 1.0.10. | ||||