Filtered by vendor Wordpress
Subscriptions
Total
11973 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22538 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Stored XSS.This issue affects Virtual Bot: from n/a through <= 1.0.0. | ||||
| CVE-2025-54028 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.This issue affects CF7 WOW Styler: from n/a through <= 1.7.2. | ||||
| CVE-2025-22577 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Damion Armentrout Able Player wp-able-player allows DOM-Based XSS.This issue affects Able Player: from n/a through <= 1.0. | ||||
| CVE-2025-22586 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dstoever WPEX Replace DB Urls wpex-replace allows Reflected XSS.This issue affects WPEX Replace DB Urls: from n/a through <= 0.4.0. | ||||
| CVE-2025-22636 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vicente Ruiz Gálvez VR-Frases vr-frases allows Reflected XSS.This issue affects VR-Frases: from n/a through <= 4.0.1. | ||||
| CVE-2025-22645 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through <= 7.3. | ||||
| CVE-2025-22653 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tuyennv Music Press Pro music-press-pro allows Stored XSS.This issue affects Music Press Pro: from n/a through <= 1.4.6. | ||||
| CVE-2024-51631 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Md Eftakhairul Islam Sticky Social Bar sticky-social-bar allows Cross Site Request Forgery.This issue affects Sticky Social Bar: from n/a through <= 2.0. | ||||
| CVE-2024-37950 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3. | ||||
| CVE-2025-22779 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in codeaffairs WP News Sliders wp-news-sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through <= 1.0. | ||||
| CVE-2024-54294 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through <= 1.0.1. | ||||
| CVE-2024-54361 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2. | ||||
| CVE-2025-22816 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetrendy Power Mag power-mag allows DOM-Based XSS.This issue affects Power Mag: from n/a through <= 1.1.5. | ||||
| CVE-2025-22819 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roberto Bottalico Qr Code and Barcode Scanner Reader qr-code-and-barcode-scanner-reader allows Stored XSS.This issue affects Qr Code and Barcode Scanner Reader: from n/a through <= 1.0.0. | ||||
| CVE-2025-22822 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bishawjit-das wp custom countdown wp-custom-countdown allows Stored XSS.This issue affects wp custom countdown: from n/a through <= 2.8. | ||||
| CVE-2025-23445 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in scottswezey Easy Tynt easy-tynt allows Cross Site Request Forgery.This issue affects Easy Tynt: from n/a through <= 0.2.5.1. | ||||
| CVE-2025-23475 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fireantology History timeline history-timeline allows Reflected XSS.This issue affects History timeline: from n/a through <= 0.7.2. | ||||
| CVE-2025-23482 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azurecurve azurecurve Floating Featured Image azurecurve-floating-featured-image allows Reflected XSS.This issue affects azurecurve Floating Featured Image: from n/a through <= 2.2.0. | ||||
| CVE-2024-55973 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rnystrom TSB Occasion Editor tsb-occasion-editor allows SQL Injection.This issue affects TSB Occasion Editor: from n/a through <= 1.2.1. | ||||
| CVE-2025-23533 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in zetxek WP Lyrics wplyrics allows Stored XSS.This issue affects WP Lyrics: from n/a through <= 0.4.1. | ||||