Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
7189 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40001 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13. | ||||
| CVE-2024-11133 | 2 Imithemes, Wordpress | 2 Eventer, Wordpress | 2025-07-13 | 5.3 Medium |
| The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets. | ||||
| CVE-2024-11928 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.4 Medium |
| The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23827 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Strx Strx Magic Floating Sidebar Maker allows Stored XSS.This issue affects Strx Magic Floating Sidebar Maker: from n/a through 1.4.1. | ||||
| CVE-2024-53734 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through 1.2. | ||||
| CVE-2024-13557 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2025-47458 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools allows Reflected XSS. This issue affects B2i Investor Tools: from n/a through 1.0.7.9. | ||||
| CVE-2025-23989 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi - SabLab Internal Link Builder allows Cross Site Request Forgery. This issue affects Internal Link Builder: from n/a through 1.0. | ||||
| CVE-2024-47356 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Create allows Stored XSS.This issue affects Create: from n/a through 2.9.1. | ||||
| CVE-2025-24561 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in ReviewsTap ReviewsTap allows Stored XSS. This issue affects ReviewsTap: from n/a through 1.1.2. | ||||
| CVE-2024-55985 | 2 Wordpress, Ydesignservices | 2 Wordpress, Yds Support Ticket System | 2025-07-13 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through 1.0. | ||||
| CVE-2024-54401 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1. | ||||
| CVE-2024-3473 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.1 Medium |
| The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-30619 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe allows Cross Site Request Forgery. This issue affects SpeakPipe: from n/a through 0.2. | ||||
| CVE-2025-23764 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6. | ||||
| CVE-2024-32581 | 2 Lenderd, Wordpress | 2 Mortgage Calculators Wp, Wordpress | 2025-07-13 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lenderd Mortgage Calculators WP allows Stored XSS.This issue affects Mortgage Calculators WP: from n/a through 1.56. | ||||
| CVE-2025-30887 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.2.9. | ||||
| CVE-2024-32784 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in CookieHub.This issue affects CookieHub: from n/a through 1.1.0. | ||||
| CVE-2025-47523 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Lukáš Hartmann Seznam Webmaster allows Cross Site Request Forgery. This issue affects Seznam Webmaster: from n/a through 1.4.7. | ||||
| CVE-2025-22502 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through 1.1. | ||||