Filtered by vendor Wordpress
Subscriptions
Total
11973 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39531 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in slazzercom Slazzer Background Changer slazzer-background-changer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slazzer Background Changer: from n/a through <= 3.14. | ||||
| CVE-2025-39523 | 2 Goodbarber, Wordpress | 2 Goodbarber, Wordpress | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in GoodBarber GoodBarber goodbarber.This issue affects GoodBarber: from n/a through <= 1.0.26. | ||||
| CVE-2025-39519 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in runthings.dev Bulk Page Stub Creator bulk-page-stub-creator allows Reflected XSS.This issue affects Bulk Page Stub Creator: from n/a through <= 1.1. | ||||
| CVE-2025-39512 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor bulk-term-editor allows Cross Site Request Forgery.This issue affects Bulk Term Editor: from n/a through <= 1.1.4. | ||||
| CVE-2025-39510 | 2 Valvepress, Wordpress | 2 Pinterest Automatic Pin, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through < 4.19.0. | ||||
| CVE-2025-39506 | 2 Nasatheme, Wordpress | 2 Nasa Core, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through <= 6.3.2. | ||||
| CVE-2025-39498 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) spotlight-social-photo-feeds-premium allows Retrieve Embedded Sensitive Data.This issue affects Spotlight - Social Media Feeds (Premium): from n/a through <= 1.7.1. | ||||
| CVE-2025-39497 | 2 Dokan, Wordpress | 2 Dokan Pro Plugin, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro dokan-pro allows Stored XSS.This issue affects Dokan Pro: from n/a through <= 3.14.5. | ||||
| CVE-2025-39490 | 2 Qodeinteractive, Wordpress | 2 Backpack Traveler, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2. | ||||
| CVE-2025-39488 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit MagOne magone allows Reflected XSS.This issue affects MagOne: from n/a through <= 8.8. | ||||
| CVE-2025-39484 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada entrada allows SQL Injection.This issue affects Entrada: from n/a through <= 5.7.7. | ||||
| CVE-2025-39483 | 2 Imithemes, Wordpress | 2 Eventer, Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a through < 3.9.9.1. | ||||
| CVE-2025-39478 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification smio-push-notification allows Reflected XSS.This issue affects Smart Notification: from n/a through <= 10.3. | ||||
| CVE-2025-39477 | 2 Sfwebservice, Wordpress | 2 Injob, Wordpress | 2026-04-23 | 9.8 Critical |
| Missing Authorization vulnerability in Sfwebservice InWave Jobs iwjob allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through <= 3.5.8. | ||||
| CVE-2025-39471 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1. | ||||
| CVE-2025-39469 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1. | ||||
| CVE-2025-39468 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1. | ||||
| CVE-2025-39467 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Wanderland, Wanderland, Wordpress | 2026-04-23 | 8.1 High |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | ||||
| CVE-2025-39466 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Dor, Dor, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4. | ||||
| CVE-2025-39465 | 2 Flippercode, Wordpress | 2 Advanced Google Maps, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4. | ||||