Filtered by vendor Wordpress
Subscriptions
Total
5527 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46510 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact Form 7 Calendar allows Stored XSS. This issue affects Contact Form 7 Calendar: from n/a through 3.0.1. | ||||
| CVE-2025-32240 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0. | ||||
| CVE-2024-4410 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others. | ||||
| CVE-2025-46452 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1. | ||||
| CVE-2024-52485 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through 2.2. | ||||
| CVE-2024-54423 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through 1.1. | ||||
| CVE-2024-51695 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fabrica Fabrica Synced Pattern Instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through 1.0.8. | ||||
| CVE-2025-23955 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6. | ||||
| CVE-2024-51864 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agnel Waghela Shortcode Collection allows Stored XSS.This issue affects Shortcode Collection: from n/a through 1.4. | ||||
| CVE-2025-26586 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Events Planner allows Reflected XSS. This issue affects Events Planner: from n/a through 1.3.10. | ||||
| CVE-2025-31591 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promoz73 Exit Popup Free allows Stored XSS. This issue affects Exit Popup Free: from n/a through 1.0. | ||||
| CVE-2024-52385 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3. | ||||
| CVE-2025-27281 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through 1.1.5. | ||||
| CVE-2024-54300 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Neuralabz LTD. AutoWP allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through 2.0.8. | ||||
| CVE-2024-2030 | 2 Crmperks, Wordpress | 2 Database For Contact Form 7, Wpforms, Elementor Forms, Wordpress | 2025-07-12 | 6.4 Medium |
| The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-52451 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.2 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Aaron Robbins Post Ideas allows SQL Injection.This issue affects Post Ideas: from n/a through 2. | ||||
| CVE-2024-51932 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saif Bin-Alam Kings Tab Slider allows DOM-Based XSS.This issue affects Kings Tab Slider: from n/a through 1.0. | ||||
| CVE-2025-30815 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.1.8. | ||||
| CVE-2025-31744 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed allows Stored XSS. This issue affects Lightweight and Responsive Youtube Embed: from n/a through 1.0.0. | ||||
| CVE-2024-43268 | 2 Wordpress, Wpbackitup | 2 Wordpress, Backup And Restore Wordpress | 2025-07-12 | 5.4 Medium |
| Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50. | ||||