Filtered by vendor Wordpress
Total: 8291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26873 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in Shine theme Traveler. This issue affects Traveler: from n/a before 3.2.1. | ||||
| CVE-2024-2948 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user_favorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'no_favorites'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-32135 | 2 Rocketelements, Wordpress | 2 Split Test For Elementor, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rocketelements Split Test For Elementor allows Stored XSS. This issue affects Split Test For Elementor: from n/a through 1.8.3. | ||||
| CVE-2025-32146 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2025-07-12 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2025-32196 | 2 Blazethemes, Wordpress | 2 News Kit Elementor Addons, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons allows Stored XSS. This issue affects News Kit Elementor Addons: from n/a through 1.3.1. | ||||
| CVE-2025-32221 | 2 Spider-themes, Wordpress | 2 Eazydocs, Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Spider Themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through 2.6.4. | ||||
| CVE-2025-32227 | 2 Asgaros, Wordpress | 2 Asgaros Forum, Wordpress | 2025-07-12 | 4.3 Medium |
| Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0. | ||||
| CVE-2025-32230 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2025-07-12 | 4.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0. | ||||
| CVE-2025-32232 | 2 Era404, Wordpress | 2 Stafflist, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.6. | ||||
| CVE-2025-32249 | 2 Designinvento, Wordpress | 2 Directorypress, Wordpress | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19. | ||||
| CVE-2025-32255 | 2 Era404, Wordpress | 2 Stafflist, Wordpress | 2025-07-12 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through 3.2.6. | ||||
| CVE-2025-32493 | 2 Vibethemes, Wordpress | 2 Bp Social Connect, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect allows Stored XSS. This issue affects BP Social Connect: from n/a through 1.6.2. | ||||
| CVE-2025-32542 | 2 Eazyplugins, Wordpress | 2 Eazy Plugin Manager, Wordpress | 2025-07-12 | 8.8 High |
| Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through 4.3.0. | ||||
| CVE-2025-32553 | 2 Magnigenie, Wordpress | 2 Restropress, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4. | ||||
| CVE-2025-32554 | 2 Raptive, Wordpress | 2 Raptive Ads, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.7.3. | ||||
| CVE-2025-32577 | 2 Hakeemnala, Wordpress | 2 Build App Online, Wordpress | 2025-07-12 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23. | ||||
| CVE-2025-32610 | 2 Foliovision, Wordpress | 2 Foliopress Wysiwyg, Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Foliovision: Making the web work for you Foliopress WYSIWYG allows Cross Site Request Forgery. This issue affects Foliopress WYSIWYG: from n/a through 2.6.18. | ||||
| CVE-2025-32613 | 2 Bowo, Wordpress | 2 Debug Log Manager, Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.4. | ||||
| CVE-2025-32665 | 2 Webbytemplate, Wordpress | 2 Office Locator, Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0. | ||||
| CVE-2025-3063 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||