Filtered by vendor Wordpress
Subscriptions
Total
6177 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58990 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0. | ||||
| CVE-2025-54709 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. | ||||
| CVE-2025-58983 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2. | ||||
| CVE-2025-58980 | 2 Myrecorp, Wordpress | 2 Export Wp Page To Static Html/css, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0. | ||||
| CVE-2025-58977 | 2 Winwar, Wordpress | 2 Wp Ebay Product Feeds, Wordpress | 2025-09-11 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8. | ||||
| CVE-2025-58981 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 5.4 Medium |
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | ||||
| CVE-2025-59005 | 2 Frenify, Wordpress | 2 Categorify, Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5. | ||||
| CVE-2025-58989 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text Field For Contact Form 7: from n/a through 1.0. | ||||
| CVE-2025-58982 | 2 Pixeline, Wordpress | 2 Email Protector, Wordpress | 2025-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through 1.3.8. | ||||
| CVE-2025-58979 | 2 Berqier, Wordpress | 2 Berqwp, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53. | ||||
| CVE-2025-58978 | 2 Wordpress, Wpswings | 2 Wordpress, Pdf Generator For Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4. | ||||
| CVE-2025-58976 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | ||||
| CVE-2025-58975 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1. | ||||
| CVE-2025-58215 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from n/a through n/a. | ||||
| CVE-2025-9888 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clear_log function. This makes it possible for unauthenticated attackers to clear all spam logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-7826 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-10126 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.4 Medium |
| The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'mbumap' shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-9979 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download the spam log database containing blocked submission attempts, which may include misclassified but legitimate submissions with sensitive data. | ||||
| CVE-2025-9622 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for unauthenticated attackers to trigger cache purging, sitemap clearing, plugin data purging, and score resetting operations via forged requests granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-8778 | 2 Nitropack, Wordpress | 2 Nitropack, Wordpress | 2025-09-11 | 4.3 Medium |
| The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropack_set_compression_ajax() function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the nitropack-enableCompression option and effectively change plugin compression settings. | ||||