Filtered by vendor Wordpress
Filtered by product Wordpress
Total: 5161 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-13011 | 1 Wordpress | 1 Wordpress | 2025-02-12 | 9.8 Critical |
The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
CVE-2025-25072 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0. | ||||
CVE-2025-25082 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2. | ||||
CVE-2025-25073 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1. | ||||
CVE-2025-1061 | 2 Nextendweb, Wordpress | 2 Nextend Social Login Pro, Wordpress | 2025-02-07 | 9.8 Critical |
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
CVE-2025-25085 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5. | ||||
CVE-2025-25096 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1. | ||||
CVE-2025-25095 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1. | ||||
CVE-2025-25093 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.1 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal. This issue affects Child Themes Helper: from n/a through 2.2.7. | ||||
CVE-2025-25104 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20. | ||||
CVE-2025-25080 | 2 Gubbigubbi, Wordpress | 2 Kona Gallery Block, Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7. | ||||
CVE-2025-25081 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 4.2 Medium |
Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1. | ||||
CVE-2025-25088 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 7.1 High |
Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5. | ||||
CVE-2025-25097 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1. | ||||
CVE-2025-25106 | 2 Fancywp, Wordpress | 2 Starter Templates, Wordpress | 2025-02-07 | 9.6 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0. | ||||
CVE-2025-25107 | 2 Sainwp, Wordpress | 2 Onestore Sites, Wordpress | 2025-02-07 | 9.6 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1. | ||||
CVE-2025-25101 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 9.6 Critical |
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7. | ||||
CVE-2025-25105 | 1 Wordpress | 1 Wordpress | 2025-02-07 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1. | ||||
CVE-2024-13607 | 1 Wordpress | 1 Wordpress | 2025-02-04 | 4.3 Medium |
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user. | ||||
CVE-2024-13514 | 1 Wordpress | 1 Wordpress | 2025-02-04 | 4.3 Medium |
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to. | ||||