Filtered by vendor Wordpress
Subscriptions
Total
11922 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53342 | 2 Goodlayers, Wordpress | 2 Modernize, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize modernize allows Stored XSS.This issue affects Modernize: from n/a through <= 3.4.0. | ||||
| CVE-2025-26992 | 2 Fatcatapps, Wordpress | 2 Landing Page Cat, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.8. | ||||
| CVE-2025-53430 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Etta etta allows PHP Local File Inclusion.This issue affects Etta: from n/a through <= 1.14.0. | ||||
| CVE-2025-53432 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Echo echo allows PHP Local File Inclusion.This issue affects Echo: from n/a through <= 1.15.0. | ||||
| CVE-2025-27002 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5. | ||||
| CVE-2024-32582 | 2 Bowo, Wordpress | 2 Debug Log Manager, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2.3.1. | ||||
| CVE-2025-54054 | 2 Aa Web Servant, Wordpress | 2 12 Step Meeting List, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Stored XSS.This issue affects 12 Step Meeting List: from n/a through <= 3.18.3. | ||||
| CVE-2025-6572 | 3 Openstreetmap, Wordpress, Wpbakery | 4 Openstreetmap, Wordpress, Page Builder and 1 more | 2026-04-15 | 5.9 Medium |
| The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-23560 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in plumwd Web Testimonials web-testimonials allows Stored XSS.This issue affects Web Testimonials: from n/a through <= 1.2. | ||||
| CVE-2025-54667 | 2 Mycred, Wordpress | 2 Mycred, Wordpress | 2026-04-15 | N/A |
| Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.This issue affects myCred: from n/a through <= 2.9.4.3. | ||||
| CVE-2025-54672 | 2 Jordy Meow, Wordpress | 2 Photo Engine, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery.This issue affects Photo Engine: from n/a through <= 6.4.3. | ||||
| CVE-2025-66079 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.2.0. | ||||
| CVE-2024-53715 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map simple-travel-map allows Stored XSS.This issue affects Simple Travel Map: from n/a through <= 0.1. | ||||
| CVE-2025-68842 | 2 Totalbounty, Wordpress | 2 Widget Logic Visual, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through <= 1.52. | ||||
| CVE-2025-66085 | 2 Tychesoftwares, Wordpress | 2 Arconix Shortcodes, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix Shortcodes: from n/a through <= 2.1.18. | ||||
| CVE-2025-68844 | 2 Daleab, Wordpress | 2 Membee Login, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through <= 2.3.6. | ||||
| CVE-2025-68847 | 2 Itex, Wordpress | 2 Isape, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through <= 0.72. | ||||
| CVE-2024-31929 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iain Poulson Intagrate Lite instagrate-to-wordpress.This issue affects Intagrate Lite: from n/a through <= 1.3.7. | ||||
| CVE-2025-66110 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through <= 1.0.23. | ||||
| CVE-2024-32126 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters Navigation menu as Dropdown Widget navigation-menu-as-dropdown-widget.This issue affects Navigation menu as Dropdown Widget: from n/a through <= 1.3.4. | ||||