Filtered by vendor Wordpress Subscriptions
Total 5520 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-22687 2 Asmedia, Wordpress 2 Tuaug4, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through 1.4.
CVE-2025-22739 2 Thimpress, Wordpress 2 Learnpress, Wordpress 2025-07-12 5.3 Medium
Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through 4.2.7.5.
CVE-2025-22773 2 Wordpress, Wpchill 2 Wordpress, Htaccess File Editor 2025-07-12 5.3 Medium
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through 1.0.19.
CVE-2025-22786 2 Elementinvader, Wordpress 2 Elementinvader Addons For Elementor, Wordpress 2025-07-12 7.5 High
Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6.
CVE-2025-22796 2 Platcom, Wordpress 2 Wp-asambleas, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas allows Reflected XSS. This issue affects WP-Asambleas: from n/a through 2.85.0.
CVE-2025-22801 2 Hasthemes, Wordpress 2 Free Woocommerce Theme 99fy Extension, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Free WooCommerce Theme 99fy Extension allows Stored XSS.This issue affects Free WooCommerce Theme 99fy Extension: from n/a through 1.2.8.
CVE-2025-23453 2 Myriad Solutionz, Wordpress 2 Stars Smtp Mailer, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Myriad Solutionz Stars SMTP Mailer allows Reflected XSS.This issue affects Stars SMTP Mailer: from n/a through 1.7.
CVE-2025-23477 2 Realty Workstation, Wordpress 2 Realty Workstation, Wordpress 2025-07-12 8.2 High
Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through 1.0.45.
CVE-2025-23507 2 Blrt, Wordpress 2 Blrt Wp Embed, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed allows Reflected XSS. This issue affects Blrt WP Embed: from n/a through 1.6.9.
CVE-2025-23629 2 Subhasis Laha, Wordpress 2 Gallerio, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasis Laha Gallerio allows Reflected XSS. This issue affects Gallerio: from n/a through 1.0.1.
CVE-2025-23765 2 W3speedster, Wordpress 2 W3speedster, Wordpress 2025-07-12 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through 7.33.
CVE-2025-23987 2 Codegearthemes, Wordpress 2 Designer, Wordpress 2025-07-12 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0.
CVE-2025-24588 2 Patreon, Wordpress 2 Patreon Wordpress, Wordpress 2025-07-12 6.5 Medium
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.
CVE-2025-24599 2 Tribulant, Wordpress 2 Newsletters, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6.
CVE-2025-24615 2 Fatcatapps, Wordpress 2 Analytics Cat, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat allows Reflected XSS. This issue affects Analytics Cat: from n/a through 1.1.2.
CVE-2025-24621 2 Tychesoftwares, Wordpress 2 Arconix Shortcodes, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.15.
CVE-2025-24626 2 Codepeople, Wordpress 2 Music Store, Wordpress 2025-07-12 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19.
CVE-2025-24672 2 Codepeople, Wordpress 2 Form Builder Cp, Wordpress 2025-07-12 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41.
CVE-2025-24689 2 Codection, Wordpress 2 Import And Export Users And Customers, Wordpress 2025-07-12 5.9 Medium
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12.
CVE-2025-24695 2 Hasthemes, Wordpress 2 Extensions For Cf7, Wordpress 2025-07-12 4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through 3.2.0.