Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11819 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30543 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in swayam.tejwani Menu Duplicator copy-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Menu Duplicator: from n/a through <= 1.0. | ||||
| CVE-2025-30561 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS Maestro cas-maestro allows Stored XSS.This issue affects CAS Maestro: from n/a through <= 1.1.3. | ||||
| CVE-2025-9540 | 2 Markup Markdown Project, Wordpress | 2 Markup Markdown, Wordpress | 2026-04-15 | 4.7 Medium |
| The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-68879 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in councilsoft Content Grid Slider content-grid-slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through <= 1.5. | ||||
| CVE-2025-30611 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wptobe Wptobe-signinup wptobe-signinup allows Reflected XSS.This issue affects Wptobe-signinup: from n/a through <= 1.1.2. | ||||
| CVE-2025-30617 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite rewrite allows Cross Site Request Forgery.This issue affects Rewrite: from n/a through <= 0.2.1. | ||||
| CVE-2025-66141 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2. | ||||
| CVE-2024-24705 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6. | ||||
| CVE-2024-24707 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2. | ||||
| CVE-2025-9627 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_options function. This makes it possible for unauthenticated attackers to modify plugin settings including distance units, pace display preferences, style themes, and display positions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-56020 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in svegliadesign SvegliaT Buttons svegliat-buttons allows Stored XSS.This issue affects SvegliaT Buttons: from n/a through <= 1.3.0. | ||||
| CVE-2024-56021 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibnuyahya Category Post Shortcode category-post-shortcode allows Stored XSS.This issue affects Category Post Shortcode: from n/a through <= 2.4. | ||||
| CVE-2025-68874 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS.This issue affects Visitor Stats Widget: from n/a through <= 1.5.0. | ||||
| CVE-2025-9634 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Plugin updates blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the pub_save action handler. This makes it possible for unauthenticated attackers to disable or enable plugin updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-66159 | 2 Merkulove, Wordpress | 2 Walker For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through <= 1.1.6. | ||||
| CVE-2025-67615 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour: from n/a through <= 1.5.1. | ||||
| CVE-2026-24938 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through <= 4.2.1. | ||||
| CVE-2025-12379 | 2 Averta, Wordpress | 2 Shortcodes And Extra Features For Phlox Theme, Wordpress | 2026-04-15 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and ‘title_tag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-67942 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6. | ||||
| CVE-2025-67947 | 3 Elementor, Scriptsbundle, Wordpress | 3 Elementor, Adforest, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through <= 3.0.11. | ||||