Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48352 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger yandex-pinger allows Stored XSS.This issue affects Yandex Site search pinger: from n/a through <= 1.5. | ||||
| CVE-2025-13153 | 2 Logo Slider Wordpress, Wordpress | 2 Logo Slider Wordpress, Wordpress | 2026-04-15 | 6.1 Medium |
| The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-69385 | 2 Agnihd, Wordpress | 2 Cartify - Woocommerce Gutenberg Wordpress Theme, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2025-69386 | 2 Realvirtualmx, Wordpress | 2 Rvcfdi Para Woocommerce, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realvirtualmx RVCFDI para Woocommerce rvcfdi-para-woocommerce allows Reflected XSS.This issue affects RVCFDI para Woocommerce: from n/a through <= 8.1.8. | ||||
| CVE-2025-69389 | 2 Hugh Mungus, Wordpress | 2 Visitor Maps Extended Referer Field, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field allows Reflected XSS.This issue affects Visitor Maps Extended Referer Field: from n/a through <= 1.2.6. | ||||
| CVE-2025-2167 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list' shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48361 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Retrieve Embedded Sensitive Data.This issue affects Hesabfa Accounting: from n/a through <= 2.2.5. | ||||
| CVE-2025-22725 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS.This issue affects WP Virtual Assistant: from n/a through <= 3.1. | ||||
| CVE-2025-11269 | 2 Woobewoo, Wordpress | 2 Product Filter, Wordpress | 2026-04-15 | 5.3 Medium |
| The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings. | ||||
| CVE-2025-69390 | 2 Themebon, Wordpress | 2 Business Template Blocks For Wpbakery (visual Composer) Page Builder, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Business Template Blocks for WPBakery (Visual Composer) Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for WPBakery (Visual Composer) Page Builder: from n/a through <= 1.3.2. | ||||
| CVE-2025-69391 | 2 Gt3themes, Wordpress | 2 Diamond, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through <= 2.4.8. | ||||
| CVE-2025-69395 | 2 Themerex, Wordpress | 2 Gable, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gable gable allows PHP Local File Inclusion.This issue affects Gable: from n/a through <= 1.5. | ||||
| CVE-2024-54426 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in crossfitatgg LeaderBoard Plugin leaderboard-lite allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through <= 1.2.4. | ||||
| CVE-2025-22746 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zartis HireHive Job Plugin zartis-job-plugin allows Stored XSS.This issue affects HireHive Job Plugin: from n/a through <= 2.9.0. | ||||
| CVE-2025-69396 | 2 Themerex, Wordpress | 2 Splendour, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Splendour splendour allows PHP Local File Inclusion.This issue affects Splendour: from n/a through <= 1.23. | ||||
| CVE-2025-69397 | 2 Themerex, Wordpress | 2 Tint, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tint tint allows PHP Local File Inclusion.This issue affects Tint: from n/a through <= 1.7. | ||||
| CVE-2025-69400 | 2 Themerex, Wordpress | 2 Yokoo, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yokoo yokoo allows PHP Local File Inclusion.This issue affects Yokoo: from n/a through <= 1.1.11. | ||||
| CVE-2025-69403 | 2 Bravis-themes, Wordpress | 2 Bravis Addons, Wordpress | 2026-04-15 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through <= 1.3.0. | ||||
| CVE-2025-39399 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashraful Sarkar Naiem License For Envato license-envato allows PHP Local File Inclusion.This issue affects License For Envato: from n/a through <= 1.0.0. | ||||
| CVE-2025-15021 | 2 Gothamdev, Wordpress | 2 Gotham Block Extra Light, Wordpress | 2026-04-15 | 4.4 Medium |
| The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||