Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11819 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23560 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in plumwd Web Testimonials web-testimonials allows Stored XSS.This issue affects Web Testimonials: from n/a through <= 1.2. | ||||
| CVE-2024-37448 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in famethemes OnePress onepress allows Cross Site Request Forgery.This issue affects OnePress: from n/a through <= 2.3.6. | ||||
| CVE-2024-43989 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.This issue affects Justified Image Grid: from n/a through <= 4.6.1. | ||||
| CVE-2024-44055 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Server-Side Request Forgery (SSRF) vulnerability in brandexponents Oshine Modules oshine-modules.This issue affects Oshine Modules: from n/a through < 3.3.8. | ||||
| CVE-2024-44028 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in nicejob NiceJob nicejob allows Stored XSS.This issue affects NiceJob: from n/a through < 3.6.5. | ||||
| CVE-2025-12020 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.9 Medium |
| The Double the Donation – A workplace giving tool to help your fundraising efforts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-51919 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3. | ||||
| CVE-2024-54387 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through <= 2.2. | ||||
| CVE-2024-54414 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through <= 2.4.4. | ||||
| CVE-2025-63075 | 2 Muffingroup, Wordpress | 2 Betheme, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in muffingroup Betheme betheme allows DOM-Based XSS.This issue affects Betheme: from n/a through <= 28.2. | ||||
| CVE-2024-54423 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through <= 1.1. | ||||
| CVE-2025-62024 | 2 Jonathanjernigan, Wordpress | 2 Pie Calendar, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through <= 1.2.9. | ||||
| CVE-2024-56032 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Descriptions fv-descriptions allows Reflected XSS.This issue affects FV Descriptions: from n/a through <= 1.4. | ||||
| CVE-2025-25147 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO auto-seo allows Stored XSS.This issue affects Auto SEO: from n/a through <= 2.5.6. | ||||
| CVE-2024-56203 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through <= 1.0. | ||||
| CVE-2025-25159 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez wpdoodlez allows Stored XSS.This issue affects WP doodlez: from n/a through <= 1.0.10. | ||||
| CVE-2025-62052 | 2 Horea Radu, Wordpress | 2 One Page Express Companion, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Horea Radu One Page Express Companion one-page-express-companion.This issue affects One Page Express Companion: from n/a through <= 1.6.43. | ||||
| CVE-2024-13746 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract data, create or update bookings, or delete arbitrary posts. | ||||
| CVE-2025-23459 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NsThemes NS Simple Intro Loader ns-simple-intro-loader allows Reflected XSS.This issue affects NS Simple Intro Loader: from n/a through <= 2.2.3. | ||||
| CVE-2025-62072 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users.This issue affects Front End Users: from n/a through <= 3.2.33. | ||||