Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
7163 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23432 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report allows Reflected XSS.This issue affects AlT Report: from n/a through 1.12.0. | ||||
| CVE-2024-54368 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0. | ||||
| CVE-2025-3670 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The KiwiChat NextClient plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-24684 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5. | ||||
| CVE-2023-48318 | 2 Codepeople, Wordpress | 2 Contact Form Email, Wordpress | 2025-07-12 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41. | ||||
| CVE-2023-52176 | 2 Miniorange, Wordpress | 2 Malware Scanner, Wordpress | 2025-07-12 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1. | ||||
| CVE-2024-6688 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update stylesheets. | ||||
| CVE-2024-4564 | 2 Codexpert, Wordpress | 2 Codesigner, Wordpress | 2025-07-12 | 6.4 Medium |
| The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-31391 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in regen Script Compressor allows Stored XSS. This issue affects Script Compressor: from n/a through 1.7.1. | ||||
| CVE-2025-22356 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies allows Reflected XSS. This issue affects Stencies: from n/a through 0.58. | ||||
| CVE-2025-23992 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a through 1.166. | ||||
| CVE-2024-54279 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1. | ||||
| CVE-2024-54282 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2. | ||||
| CVE-2025-46540 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode allows Stored XSS. This issue affects GNA Search Shortcode: from n/a through 0.9.5. | ||||
| CVE-2024-6168 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX function. This makes it possible for unauthenticated attackers to invoke this functionality intended for admin users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This enables subscribers to manage field groups, change visibility of items among other things. | ||||
| CVE-2025-32151 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15. | ||||
| CVE-2024-31096 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4. | ||||
| CVE-2025-26956 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.6 High |
| Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. | ||||
| CVE-2023-6806 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-13559 | 2 Templatesnext, Wordpress | 2 Templatesnext Toolkit, Wordpress | 2025-07-12 | 6.4 Medium |
| The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||