Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
5515 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37887 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through 2.2.7. | ||||
| CVE-2024-55972 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Carvache eTemplates allows SQL Injection.This issue affects eTemplates: from n/a through 0.2.1. | ||||
| CVE-2024-51649 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Patrick Lumumba Mobilize allows Stored XSS.This issue affects Mobilize: from n/a through 3.0.7. | ||||
| CVE-2023-44235 | 2 Devnath Verma, Wordpress | 2 Wp Captcha, Wordpress | 2025-07-12 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha allows Functionality Bypass.This issue affects WP Captcha: from n/a through 2.0.0. | ||||
| CVE-2024-56067 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3. | ||||
| CVE-2025-31831 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6. | ||||
| CVE-2025-2935 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_list' files. This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-23642 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pflonk Sidebar-Content from Shortcode allows DOM-Based XSS.This issue affects Sidebar-Content from Shortcode: from n/a through 2.0. | ||||
| CVE-2024-51824 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sony7596, mrseankumar25, miraclewebssoft Advanced Video Player with Analytics allows DOM-Based XSS.This issue affects Advanced Video Player with Analytics: from n/a through 1. | ||||
| CVE-2024-51614 | 2 Aajoda, Wordpress | 2 Aajoda Testimonials, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aajoda Aajoda Testimonials allows Stored XSS.This issue affects Aajoda Testimonials: from n/a through 2.2.2. | ||||
| CVE-2024-34805 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.This issue affects iFrame: from n/a through 5.0. | ||||
| CVE-2025-23735 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cosmin Schiopu Infugrator allows Reflected XSS. This issue affects Infugrator: from n/a through 1.0.3. | ||||
| CVE-2023-46610 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in quillforms.com Quill Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quill Forms: from n/a through 3.3.0. | ||||
| CVE-2025-31458 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in forsgren Video Embedder allows Stored XSS. This issue affects Video Embedder: from n/a through 1.7.1. | ||||
| CVE-2024-8324 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-31898 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MediaView allows Reflected XSS. This issue affects MediaView: from n/a through 1.1.2. | ||||
| CVE-2024-4356 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-51928 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakir Hasan Blocks Post Grid allows DOM-Based XSS.This issue affects Blocks Post Grid: from n/a through 1.0.3. | ||||
| CVE-2023-47689 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Toast Plugins Animator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animator: from n/a through 3.0.10. | ||||
| CVE-2025-27313 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bernd Altmeier Google Maps GPX Viewer allows Reflected XSS. This issue affects Google Maps GPX Viewer: from n/a through 3.6. | ||||