Filtered by vendor Wordpress
Total 5562 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-33538 1 Wordpress 1 Wordpress 2025-07-12 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps. This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1.
CVE-2025-26873 1 Wordpress 1 Wordpress 2025-07-12 9 Critical
Deserialization of Untrusted Data vulnerability in Shine theme Traveler. This issue affects Traveler: from n/a before 3.2.1.
CVE-2024-2948 1 Wordpress 1 Wordpress 2025-07-12 7.2 High
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user_favorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'no_favorites'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-32135 2 Rocketelements, Wordpress 2 Split Test For Elementor, Wordpress 2025-07-12 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rocketelements Split Test For Elementor allows Stored XSS. This issue affects Split Test For Elementor: from n/a through 1.8.3.
CVE-2025-32146 2 Joomsky, Wordpress 2 Js Job Manager, Wordpress 2025-07-12 8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2025-32196 2 Blazethemes, Wordpress 2 News Kit Elementor Addons, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons allows Stored XSS. This issue affects News Kit Elementor Addons: from n/a through 1.3.1.
CVE-2025-32221 2 Spider-themes, Wordpress 2 Eazydocs, Wordpress 2025-07-12 5.4 Medium
Missing Authorization vulnerability in Spider Themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through 2.6.4.
CVE-2025-32227 2 Asgaros, Wordpress 2 Asgaros Forum, Wordpress 2025-07-12 4.3 Medium
Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing. This issue affects Asgaros Forum: from n/a through 3.0.0.
CVE-2025-32230 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2025-07-12 4.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0.
CVE-2025-32232 2 Era404, Wordpress 2 Stafflist, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.6.
CVE-2025-32249 2 Designinvento, Wordpress 2 Directorypress, Wordpress 2025-07-12 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in designinvento DirectoryPress allows Cross Site Request Forgery. This issue affects DirectoryPress: from n/a through 3.6.19.
CVE-2025-32255 2 Era404, Wordpress 2 Stafflist, Wordpress 2025-07-12 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ERA404 StaffList allows Retrieve Embedded Sensitive Data. This issue affects StaffList: from n/a through 3.2.6.
CVE-2025-32493 2 Vibethemes, Wordpress 2 Bp Social Connect, Wordpress 2025-07-12 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes BP Social Connect allows Stored XSS. This issue affects BP Social Connect: from n/a through 1.6.2.
CVE-2025-32542 2 Eazyplugins, Wordpress 2 Eazy Plugin Manager, Wordpress 2025-07-12 8.8 High
Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through 4.3.0.
CVE-2025-32553 2 Magnigenie, Wordpress 2 Restropress, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4.
CVE-2025-32554 2 Raptive, Wordpress 2 Raptive Ads, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.7.3.
CVE-2025-32577 2 Hakeemnala, Wordpress 2 Build App Online, Wordpress 2025-07-12 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. This issue affects Build App Online: from n/a through 1.0.23.
CVE-2025-32610 2 Foliovision, Wordpress 2 Foliopress Wysiwyg, Wordpress 2025-07-12 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Foliovision: Making the web work for you Foliopress WYSIWYG allows Cross Site Request Forgery. This issue affects Foliopress WYSIWYG: from n/a through 2.6.18.
CVE-2025-32613 2 Bowo, Wordpress 2 Debug Log Manager, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS. This issue affects Debug Log Manager: from n/a through 2.3.4.
CVE-2025-32665 2 Webbytemplate, Wordpress 2 Office Locator, Wordpress 2025-07-12 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0.