Filtered by vendor Wordpress
Filtered by product Wordpress
Total: 6956 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9893 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vm_set_to_default function. This makes it possible for unauthenticated attackers to reset all menu reordering settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9896 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9894 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger content synchronization from Feedly, potentially creating multiple posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-9899 | 2 Trustreviews, Wordpress | 2 Trust Reviews Plugin, Wordpress | 2025-09-29 | 6.1 Medium |
| The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feed_save function. This makes it possible for unauthenticated attackers to create or modify feed entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-59002 | 2 Seatheme, Wordpress | 2 Bm Content Builder, Wordpress | 2025-09-29 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal. This issue affects BM Content Builder: from n/a through n/a. | ||||
| CVE-2025-59012 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler allows Reflected XSS. This issue affects Traveler: from n/a through n/a. | ||||
| CVE-2025-58919 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 5.3 Medium |
| Missing Authorization vulnerability in guihom Wide Banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through 1.0.4. | ||||
| CVE-2025-58917 | 3 Nick Verwymeren, Woocommerce, Wordpress | 3 Quantities And Units For Woocommerce, Woocommerce, Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Verwymeren Quantities and Units for WooCommerce allows Stored XSS. This issue affects Quantities and Units for WooCommerce: from n/a through 1.0.13. | ||||
| CVE-2025-60040 | 2 Fkrauthan, Wordpress | 2 Wp-mpdf, Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fkrauthan wp-mpdf allows Stored XSS. This issue affects wp-mpdf: from n/a through 3.9.1. | ||||
| CVE-2025-60092 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-09-29 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24. | ||||
| CVE-2025-60093 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-09-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24. | ||||
| CVE-2025-60094 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in Benjamin Intal Stackable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackable: from n/a through 3.18.1. | ||||
| CVE-2025-60095 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1. | ||||
| CVE-2025-60096 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CodexThemes TheGem (Elementor) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem (Elementor): from n/a through 5.10.5. | ||||
| CVE-2025-60097 | 2 Codexthemes, Wordpress | 2 Thegem, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CodexThemes TheGem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through 5.10.5. | ||||
| CVE-2025-60098 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
| Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12. | ||||
| CVE-2025-60101 | 2 Woostify, Wordpress | 2 Woostify Theme, Wordpress | 2025-09-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2. | ||||
| CVE-2025-60100 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2025-09-29 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore allows Code Injection. This issue affects XStore: from n/a through 9.5.3. | ||||
| CVE-2025-60103 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8. | ||||
| CVE-2025-60104 | 2 Jordy Meow, Wordpress | 2 Gallery Custom Links, Wordpress | 2025-09-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links allows Stored XSS. This issue affects Gallery Custom Links: from n/a through 2.2.5. | ||||