Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Total 5144 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-34568	2 Themeqx, Wordpress	2 Letterpress, Wordpress	2024-11-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1.
CVE-2024-34442	1 Wordpress	1 Wordpress	2024-11-21	5.3 Medium
Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.
CVE-2024-34416	1 Wordpress	1 Wordpress	2024-11-21	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1.
CVE-2024-34388	1 Wordpress	1 Wordpress	2024-11-21	7.5 High
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance.This issue affects GDPR Compliance: from n/a through 1.2.5.
CVE-2024-34378	1 Wordpress	1 Wordpress	2024-11-21	8.6 High
Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7.
CVE-2024-33956	2 Themelocation, Wordpress	2 Custom Woocommerce Checkout Fields Editor, Wordpress	2024-11-21	4.3 Medium
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.
CVE-2024-33955	1 Wordpress	1 Wordpress	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Freesia Empire allows Stored XSS.This issue affects Freesia Empire: from n/a through 1.4.1.
CVE-2024-33953	1 Wordpress	1 Wordpress	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS.This issue affects Adventure Journal: from n/a through 1.7.2.
CVE-2024-33952	1 Wordpress	1 Wordpress	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Unique allows Stored XSS.This issue affects Unique: from n/a through 0.3.0.
CVE-2024-33951	1 Wordpress	1 Wordpress	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam DeHaven Perfect Pullquotes allows Stored XSS.This issue affects Perfect Pullquotes: from n/a through 1.7.5.
CVE-2024-33950	1 Wordpress	1 Wordpress	2024-11-21	5.9 Medium
Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15 versions.
CVE-2024-33948	1 Wordpress	1 Wordpress	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixel Industry TweetScroll Widget allows Stored XSS.This issue affects TweetScroll Widget: from n/a through 1.3.7.
CVE-2024-33942	1 Wordpress	1 Wordpress	2024-11-21	4.3 Medium
Missing Authorization vulnerability in Eric Alli Google Typography.This issue affects Google Typography: from n/a through 1.1.2.
CVE-2024-33938	1 Wordpress	1 Wordpress	2024-11-21	6.5 Medium
Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).This issue affects Sliding Widgets: from n/a through 1.5.0.
CVE-2024-33922	1 Wordpress	1 Wordpress	2024-11-21	5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in Jordy Meow WP Media Cleaner.This issue affects WP Media Cleaner: from n/a through 6.7.2.
CVE-2024-33695	1 Wordpress	1 Wordpress	2024-11-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0.
CVE-2024-33692	1 Wordpress	1 Wordpress	2024-11-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Satrya Smart Recent Posts Widget allows Stored XSS.This issue affects Smart Recent Posts Widget: from n/a through 1.0.3.
CVE-2024-33690	1 Wordpress	1 Wordpress	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3.
CVE-2024-33646	1 Wordpress	1 Wordpress	2024-11-21	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5.
CVE-2024-33645	1 Wordpress	1 Wordpress	2024-11-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS.This issue affects Easy Set Favicon: from n/a through 1.1.

« first previous Page 239 of 258. next last »