Filtered by vendor Wordpress
Subscriptions
Total
5584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48335 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9. | ||||
| CVE-2025-47507 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search allows DOM-Based XSS. This issue affects Better Search: from n/a through 4.1.0. | ||||
| CVE-2024-54237 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0. | ||||
| CVE-2023-28689 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0. | ||||
| CVE-2024-32561 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagembed allows Stored XSS.This issue affects Tagembed: from n/a through 4.7. | ||||
| CVE-2024-51875 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmul Ahsan MDC YouTube Downloader allows DOM-Based XSS.This issue affects MDC YouTube Downloader: from n/a through 3.0.0. | ||||
| CVE-2024-33935 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.This issue affects PB MailCrypt: from n/a through 3.1.0. | ||||
| CVE-2025-23665 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort RSV GMaps allows Stored XSS.This issue affects RSV GMaps: from n/a through 1.5. | ||||
| CVE-2025-23430 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through 1.5. | ||||
| CVE-2024-54331 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3. | ||||
| CVE-2025-26746 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Advanced Custom Fields: Link Picker Field allows Reflected XSS. This issue affects Advanced Custom Fields: Link Picker Field: from n/a through 1.2.8. | ||||
| CVE-2024-52455 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoQSystem Inc. GoQSmile allows Reflected XSS.This issue affects GoQSmile: from n/a through 1.0.1. | ||||
| CVE-2024-56011 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov | IMBAA GmbH Responsive Google Maps | by imbaa allows Stored XSS.This issue affects Responsive Google Maps | by imbaa: from n/a through 1.2.5. | ||||
| CVE-2025-3750 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-22499 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Post Tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through 1.1.18. | ||||
| CVE-2025-22365 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3. | ||||
| CVE-2025-32543 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hivedigital Canonical Attachments allows Reflected XSS. This issue affects Canonical Attachments: from n/a through 1.7. | ||||
| CVE-2024-13712 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.9 Medium |
| The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-37431 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Horea Radu Mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through 1.6.120. | ||||
| CVE-2025-47603 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal. This issue affects belingoGeo: from n/a through 1.12.0. | ||||