Filtered by vendor Wordpress
Subscriptions
Total
11498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31743 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows Stored XSS.This issue affects Lightweight and Responsive Youtube Embed: from n/a through <= 1.0.0. | ||||
| CVE-2025-31742 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelDima Dima Take Action dima-take-action allows Stored XSS.This issue affects Dima Take Action: from n/a through <= 1.0.5. | ||||
| CVE-2025-31741 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filtr8 Easy Magazine filtr8-magazine allows DOM-Based XSS.This issue affects Easy Magazine: from n/a through <= 2.1.13. | ||||
| CVE-2025-31738 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yazamodeveloper LeadQuizzes leadquizzes allows Stored XSS.This issue affects LeadQuizzes: from n/a through <= 1.1.0. | ||||
| CVE-2025-31737 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dxladner Client Showcase client-showcase allows Stored XSS.This issue affects Client Showcase: from n/a through <= 1.2.0. | ||||
| CVE-2025-31736 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in richtexteditor Rich Text Editor richtexteditor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rich Text Editor: from n/a through <= 1.0.1. | ||||
| CVE-2025-31733 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through <= 1.0.0. | ||||
| CVE-2025-31731 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip John Author Bio Shortcode author-bio-shortcode allows Stored XSS.This issue affects Author Bio Shortcode: from n/a through <= 2.5.3. | ||||
| CVE-2025-31730 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons marketer-addons allows Stored XSS.This issue affects Marketer Addons: from n/a through <= 1.0.1. | ||||
| CVE-2025-31641 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider uber-classic allows SQL Injection.This issue affects UberSlider: from n/a through < 2.6. | ||||
| CVE-2025-31637 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows SQL Injection.This issue affects SHOUT: from n/a through <= 3.5.3. | ||||
| CVE-2025-31629 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript infusionsoft-web-form-javascript allows Stored XSS.This issue affects Infusionsoft Web Form JavaScript: from n/a through <= 1.1.1. | ||||
| CVE-2025-31628 | 2 Slicedinvoices, Wordpress | 2 Sliced Invoices, Wordpress | 2026-04-01 | N/A |
| Missing Authorization vulnerability in SlicedInvoices Sliced Invoices sliced-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliced Invoices: from n/a through <= 3.10.0. | ||||
| CVE-2025-31626 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem Support Helpdesk Ticket System Lite ticket-help-desk-system-lite allows Reflected XSS.This issue affects Support Helpdesk Ticket System Lite: from n/a through <= 4.5.2. | ||||
| CVE-2025-31625 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence useinfluence allows Stored XSS.This issue affects Useinfluence: from n/a through <= 1.0.8. | ||||
| CVE-2025-31623 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor richtexteditor allows Stored XSS.This issue affects Rich Text Editor: from n/a through <= 1.0.1. | ||||
| CVE-2025-31622 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Utkarsh Kukreti Advanced Typekit advanced-typekit allows Stored XSS.This issue affects Advanced Typekit: from n/a through <= 1.0.1. | ||||
| CVE-2025-31621 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpaulsson byBrick Accordion bybrick-accordion allows Stored XSS.This issue affects byBrick Accordion: from n/a through <= 1.0. | ||||
| CVE-2025-31620 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carperfer CoverManager covermanager allows Stored XSS.This issue affects CoverManager: from n/a through <= 0.0.1. | ||||
| CVE-2025-31619 | 2 Marcoingraiti, Wordpress | 2 Actionwear Products Sync, Wordpress | 2026-04-01 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection.This issue affects Actionwear products sync: from n/a through <= 2.3.3. | ||||