Filtered by vendor Wordpress
Subscriptions
Total
11498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32726 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2. | ||||
| CVE-2024-6532 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-34809 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21. | ||||
| CVE-2024-4034 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-3749 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-32432 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1. | ||||
| CVE-2023-35875 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5. | ||||
| CVE-2024-13731 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12592 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-30449 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Activities Team Booking Activities allows Reflected XSS.This issue affects Booking Activities: from n/a through 1.15.19. | ||||
| CVE-2024-1780 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.1 Medium |
| The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-26872 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2. | ||||
| CVE-2023-32593 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7. | ||||
| CVE-2024-11433 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12333 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2025-07-13 | 6.5 Medium |
| The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-9885 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13686 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the themes settings. | ||||
| CVE-2024-34382 | 2 Robosoft, Wordpress | 2 Robo Gallery, Wordpress | 2025-07-13 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. | ||||
| CVE-2024-4546 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-38679 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated Typed JS Shortcode: from n/a through 2.0. | ||||