Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11698 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30432 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider - Slider for your block editor allows Stored XSS.This issue affects B Slider - Slider for your block editor: from n/a through 1.1.12. | ||||
| CVE-2024-37208 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7. | ||||
| CVE-2023-33998 | 2 Cybernetikz, Wordpress | 2 Easy Social Icons, Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Icons: from n/a through 3.2.5. | ||||
| CVE-2024-29933 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. | ||||
| CVE-2025-31550 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.8 Medium |
| Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3. | ||||
| CVE-2023-30476 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2. | ||||
| CVE-2023-46079 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9. | ||||
| CVE-2023-47842 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. | ||||
| CVE-2024-33934 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Mini Loops allows Stored XSS.This issue affects Mini Loops: from n/a through 1.4.1. | ||||
| CVE-2024-33917 | 2 Webtechideas, Wordpress | 2 Wti Like Post, Wordpress | 2025-07-13 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass.This issue affects WTI Like Post: from n/a through 1.4.6. | ||||
| CVE-2024-35710 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3. | ||||
| CVE-2024-32591 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniele De Rosa Backend Designer allows Stored XSS.This issue affects Backend Designer: from n/a through 1.3. | ||||
| CVE-2024-34368 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.This issue affects Mooberry Book Manager: from n/a through 4.15.12. | ||||
| CVE-2024-34574 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul Table Maker allows Stored XSS.This issue affects Table Maker: from n/a through 1.9.1. | ||||
| CVE-2024-30489 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75. | ||||
| CVE-2024-34797 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through 1.3.5. | ||||
| CVE-2024-35642 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2. | ||||
| CVE-2024-33628 | 2 Wordpress, Xforwoocommerce | 2 Wordpress, Xforwoocommerce | 2025-07-13 | 8.8 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion.This issue affects XforWooCommerce: from n/a through 2.0.2. | ||||
| CVE-2023-23726 | 2 Tickera, Wordpress | 2 Tickera, Wordpress | 2025-07-13 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0. | ||||
| CVE-2023-41134 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through 2.11.3. | ||||