Filtered by vendor Wordpress
Subscriptions
Total
8467 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58606 | 2 Cozythemes, Wordpress | 2 Saaslauncher, Wordpress | 2025-09-04 | 5 Medium |
| Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SaasLauncher: from n/a through 1.3.0. | ||||
| CVE-2025-58609 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iulia Cazan Latest Post Shortcode allows Stored XSS. This issue affects Latest Post Shortcode: from n/a through 14.0.3. | ||||
| CVE-2025-58611 | 2 Tickera, Wordpress | 2 Tickera, Wordpress | 2025-09-04 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.5.6. | ||||
| CVE-2025-58614 | 2 Tooltipy, Wordpress | 2 Tooltipy, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy allows Stored XSS. This issue affects Tooltipy: from n/a through 5.5.6. | ||||
| CVE-2025-58615 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 4.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through 1.10.0. | ||||
| CVE-2025-9519 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 7.2 High |
| The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server. | ||||
| CVE-2025-58612 | 2 Propertyhive, Wordpress | 2 Propertyhive, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.5. | ||||
| CVE-2025-58640 | 2 Matrixaddons, Wordpress | 2 Document Engine Plugin, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Document Engine allows Stored XSS. This issue affects Document Engine: from n/a through 1.2. | ||||
| CVE-2025-58641 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1. | ||||
| CVE-2025-58596 | 2 Mailoptin, Wordpress | 2 Mailoptin, Wordpress | 2025-09-04 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0. | ||||
| CVE-2025-9616 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset cookie time settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-8268 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users. | ||||
| CVE-2025-58598 | 3 Klarna, Woocommerce, Wordpress | 3 Klarna For Woocommerce, Woocommerce, Wordpress | 2025-09-04 | 6.6 Medium |
| Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Klarna Order Management for WooCommerce: from n/a through 1.9.8. | ||||
| CVE-2025-58603 | 2 Surfer, Wordpress | 2 Surfer Plugin, Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574. | ||||
| CVE-2025-58635 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.23. | ||||
| CVE-2025-58622 | 2 Wordpress, Yydevelopment | 2 Wordpress, Mobile Contact Line Plugin | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0. | ||||
| CVE-2025-58631 | 2 Wordpress, Zeen101 | 2 Wordpress, Issuem Plugin | 2025-09-04 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 IssueM allows DOM-Based XSS. This issue affects IssueM: from n/a through 2.9.0. | ||||
| CVE-2025-58634 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4. | ||||
| CVE-2025-58601 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6. | ||||
| CVE-2025-58625 | 2 Spiffyplugins, Wordpress | 2 Wp Flow Plus, Wordpress | 2025-09-04 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.5. | ||||