Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11882 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49694 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in imw3 My Wp Brand my-wp-brand.This issue affects My Wp Brand: from n/a through <= 1.1.2. | ||||
| CVE-2024-50414 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contact VR: from n/a through <= 4.7.9.1. | ||||
| CVE-2024-50424 | 2 Templately, Wordpress | 2 Templately, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in WPDeveloper Templately templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through <= 3.1.5. | ||||
| CVE-2024-30433 | 2 Multivendorx, Wordpress | 2 Wc Marketplace, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Stored XSS.This issue affects WC Marketplace: from n/a through 4.1.3. | ||||
| CVE-2024-30434 | 2 Wordpress, Wp-crm | 2 Wordpress, Wp-crm System | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-CRM System allows Stored XSS.This issue affects WP-CRM System: from n/a through 3.2.9. | ||||
| CVE-2024-50452 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through <= 3.3.3. | ||||
| CVE-2024-50469 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brightvesseldev Textboxes textboxes allows DOM-Based XSS.This issue affects Textboxes: from n/a through <= 0.1.3.1. | ||||
| CVE-2023-29239 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through 1.2.1. | ||||
| CVE-2025-24609 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS.This issue affects PORTONE 우커머스 결제: from n/a through <= 3.2.4. | ||||
| CVE-2025-24614 | 2 Agilelogix, Wordpress | 2 Post Timeline, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agile Logix Post Timeline post-timeline allows Reflected XSS.This issue affects Post Timeline: from n/a through <= 2.3.9. | ||||
| CVE-2025-24621 | 2 Tychesoftwares, Wordpress | 2 Arconix Shortcodes, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Reflected XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.15. | ||||
| CVE-2024-52348 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Extensions AA Audio Player aa-audio-player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through <= 1.0. | ||||
| CVE-2025-24624 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems HT Event ht-event allows Reflected XSS.This issue affects HT Event: from n/a through <= 1.4.6. | ||||
| CVE-2024-50534 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in techdabang World Prayer Time world-prayer-time allows Stored XSS.This issue affects World Prayer Time: from n/a through <= 2.0. | ||||
| CVE-2025-24638 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pddring Create with Code create-with-code allows DOM-Based XSS.This issue affects Create with Code: from n/a through <= 1.4. | ||||
| CVE-2025-24640 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS.This issue affects Empty Tags Remover: from n/a through <= 1.0. | ||||
| CVE-2023-30476 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2. | ||||
| CVE-2025-24645 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob Scott Eazy Under Construction eazy-under-construction allows Reflected XSS.This issue affects Eazy Under Construction: from n/a through <= 1.0. | ||||
| CVE-2024-12922 | 2 Themegoods, Wordpress | 2 Altair, Wordpress | 2026-04-15 | 9.8 Critical |
| The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-13182 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. | ||||