Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
9591 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63035 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2026-01-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. | ||||
| CVE-2025-63033 | 3 Elementor, Riyadh Ahmed, Wordpress | 3 Elementor, Make Section And Column Clickable For Elementor, Wordpress | 2026-01-30 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a through <= 2.3. | ||||
| CVE-2025-66098 | 1 Wordpress | 1 Wordpress | 2026-01-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille V Travelers' Map travelers-map allows Stored XSS.This issue affects Travelers' Map: from n/a through <= 2.3.2. | ||||
| CVE-2025-66090 | 1 Wordpress | 1 Wordpress | 2026-01-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through <= 2.5. | ||||
| CVE-2025-62986 | 1 Wordpress | 1 Wordpress | 2026-01-30 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through <= 0.6. | ||||
| CVE-2025-62897 | 1 Wordpress | 1 Wordpress | 2026-01-30 | 4.7 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through <= 10.1.1. | ||||
| CVE-2025-52741 | 1 Wordpress | 1 Wordpress | 2026-01-30 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barry Kooij Post Connector post-connector allows Reflected XSS.This issue affects Post Connector: from n/a through <= 1.0.11. | ||||
| CVE-2025-59593 | 2 Extendthemes, Wordpress | 2 Colibri Page Builder, Wordpress | 2026-01-30 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through < 1.0.334. | ||||
| CVE-2025-49908 | 1 Wordpress | 1 Wordpress | 2026-01-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a through <= 3.1.4. | ||||
| CVE-2025-14975 | 1 Wordpress | 1 Wordpress | 2026-01-30 | 8.1 High |
| The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account | ||||
| CVE-2025-7808 | 2 Fahadmahmood, Wordpress | 2 Wp Shopify, Wordpress | 2026-01-29 | 6.1 Medium |
| The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-68061 | 2 Thememove, Wordpress | 2 Edumall, Wordpress | 2026-01-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7. | ||||
| CVE-2025-68062 | 2 Thememove, Wordpress | 2 Minimogwp, Wordpress | 2026-01-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. | ||||
| CVE-2025-60069 | 2 Thememove, Wordpress | 2 Minimogwp, Wordpress | 2026-01-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. | ||||
| CVE-2025-14429 | 2 Thememove, Wordpress | 2 Aeroland, Wordpress | 2026-01-29 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through <= 1.6.6. | ||||
| CVE-2025-68547 | 2 Wordpress, Wpwebelite | 2 Wordpress, Follow My Blog Post | 2026-01-29 | 7.5 High |
| Missing Authorization vulnerability in WPweb Follow My Blog Post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Follow My Blog Post: from n/a through 2.4.0. | ||||
| CVE-2025-68006 | 1 Wordpress | 1 Wordpress | 2026-01-29 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23. | ||||
| CVE-2025-68004 | 1 Wordpress | 1 Wordpress | 2026-01-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through <= 1.2.1.1. | ||||
| CVE-2025-68003 | 1 Wordpress | 1 Wordpress | 2026-01-29 | 6.5 Medium |
| Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10. | ||||
| CVE-2025-67957 | 2 Tangiblewp, Wordpress | 2 Listivo, Wordpress | 2026-01-29 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue affects Listivo Core: from n/a through <= 2.3.77. | ||||