Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11954 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26942 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.5 High |
| Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1. | ||||
| CVE-2025-26885 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection.This issue affects WordPress Assistant: from n/a through <= 1.5.1. | ||||
| CVE-2025-26760 | 2 Wordpress, Wow-company | 2 Wordpress, Calculator-builder | 2026-04-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder calculator-builder allows PHP Local File Inclusion.This issue affects Calculator Builder: from n/a through <= 1.6.2. | ||||
| CVE-2025-23528 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects DD Roles: from n/a through <= 4.1. | ||||
| CVE-2025-24556 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.5 High |
| Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle moowoodle allows Retrieve Embedded Sensitive Data.This issue affects MooWoodle: from n/a through <= 3.2.4. | ||||
| CVE-2025-23434 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in viher3 Easy EU Cookie law easy-eu-cookie-law allows Stored XSS.This issue affects Easy EU Cookie law: from n/a through <= 1.3.3.1. | ||||
| CVE-2025-24643 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.5 Medium |
| Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPGuppy: from n/a through <= 1.1.0. | ||||
| CVE-2025-23784 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows SQL Injection.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through <= 1.2.1. | ||||
| CVE-2025-22773 | 2 Wordpress, Wpchill | 2 Wordpress, Htaccess File Editor | 2026-04-29 | 5.3 Medium |
| Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through <= 1.0.19. | ||||
| CVE-2025-22633 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 5.8 Medium |
| Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in StellarWP Give – Divi Donation Modules give-donation-modules-for-divi allows Retrieve Embedded Sensitive Data.This issue affects Give – Divi Donation Modules: from n/a through <= 2.0.0. | ||||
| CVE-2024-56067 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.5 High |
| Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | ||||
| CVE-2025-22650 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget smartarget-contact-us allows Stored XSS.This issue affects Smartarget: from n/a through <= 1.5.3. | ||||
| CVE-2025-22754 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Klein Center Amber amberlink allows Reflected XSS.This issue affects Amber: from n/a through <= 1.4.4. | ||||
| CVE-2025-22645 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 5.3 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through <= 7.3. | ||||
| CVE-2025-23432 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS.This issue affects AlT Report: from n/a through <= 1.12.0. | ||||
| CVE-2025-22711 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through <= 2.29.0. | ||||
| CVE-2024-54279 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.This issue affects WP-NERD Toolkit: from n/a through <= 1.1. | ||||
| CVE-2024-56000 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through < 5.4.0. | ||||
| CVE-2024-49316 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zodiac Akismet htaccess writer akismet-htaccess-writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through <= 1.0.1. | ||||
| CVE-2024-49246 | 1 Wordpress | 1 Wordpress | 2026-04-29 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through <= 1.1. | ||||