Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
6018 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58917 | 3 Nick Verwymeren, Woocommerce, Wordpress | 3 Quantities And Units For Woocommerce, Woocommerce, Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Verwymeren Quantities and Units for WooCommerce allows Stored XSS. This issue affects Quantities and Units for WooCommerce: from n/a through 1.0.13. | ||||
| CVE-2025-60040 | 2 Fkrauthan, Wordpress | 2 Wp-mpdf, Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fkrauthan wp-mpdf allows Stored XSS. This issue affects wp-mpdf: from n/a through 3.9.1. | ||||
| CVE-2025-60092 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-09-29 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24. | ||||
| CVE-2025-60093 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-09-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24. | ||||
| CVE-2025-60094 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in Benjamin Intal Stackable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackable: from n/a through 3.18.1. | ||||
| CVE-2025-60095 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1. | ||||
| CVE-2025-60096 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CodexThemes TheGem (Elementor) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem (Elementor): from n/a through 5.10.5. | ||||
| CVE-2025-60097 | 2 Codexthemes, Wordpress | 2 Thegem, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CodexThemes TheGem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through 5.10.5. | ||||
| CVE-2025-60098 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
| Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12. | ||||
| CVE-2025-60101 | 2 Woostify, Wordpress | 2 Woostify Theme, Wordpress | 2025-09-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2. | ||||
| CVE-2025-60100 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2025-09-29 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore allows Code Injection. This issue affects XStore: from n/a through 9.5.3. | ||||
| CVE-2025-60103 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8. | ||||
| CVE-2025-60104 | 2 Jordy Meow, Wordpress | 2 Gallery Custom Links, Wordpress | 2025-09-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links allows Stored XSS. This issue affects Gallery Custom Links: from n/a through 2.2.5. | ||||
| CVE-2025-60106 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.9 Medium |
| Missing Authorization vulnerability in Roxnor EmailKit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through 1.6.0. | ||||
| CVE-2025-27006 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy allows Stored XSS. This issue affects Authorsy: from n/a through 1.0.5. | ||||
| CVE-2025-60109 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Content Slider: from n/a through 3.8. | ||||
| CVE-2025-60112 | 3 Athemes, Elementor, Wordpress | 3 Athemes Addons For Elementor, Elementor, Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi aThemes Addons for Elementor allows Stored XSS. This issue affects aThemes Addons for Elementor: from n/a through 1.1.3. | ||||
| CVE-2025-48326 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
| Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acclectic Media Organizer: from n/a through 1.4. | ||||
| CVE-2025-60099 | 2 Awsm, Wordpress | 2 Embed Any Document, Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awsm.in Embed Any Document allows Stored XSS. This issue affects Embed Any Document: from n/a through 2.7.7. | ||||
| CVE-2025-9490 | 2 Popup Maker, Wordpress | 2 Popup Maker Wp, Wordpress | 2025-09-29 | 6.4 Medium |
| The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.20.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||