Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11882 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27284 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in divspark Flagged Content flagged-content allows Reflected XSS.This issue affects Flagged Content: from n/a through <= 1.0.2. | ||||
| CVE-2025-27281 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu all-in-menu allows Blind SQL Injection.This issue affects All In Menu: from n/a through <= 1.1.5. | ||||
| CVE-2025-27279 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lynk Flashfader flashfader allows Reflected XSS.This issue affects Flashfader: from n/a through <= 1.1.1. | ||||
| CVE-2025-27278 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Ghedini AcuGIS Leaflet Maps mapfig-premium-leaflet-map-maker allows Reflected XSS.This issue affects AcuGIS Leaflet Maps: from n/a through <= 5.1.1.0. | ||||
| CVE-2025-27272 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel vg-postcarousel allows PHP Local File Inclusion.This issue affects VG PostCarousel: from n/a through <= 1.1. | ||||
| CVE-2025-27271 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberto Cocchiara DB Tables Import/Export db-tables-importexport allows Reflected XSS.This issue affects DB Tables Import/Export: from n/a through <= 1.0.1. | ||||
| CVE-2025-27270 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 9.8 Critical |
| Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation.This issue affects Residential Address Detection: from n/a through <= 2.5.4. | ||||
| CVE-2025-27266 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS.This issue affects Hover Image Button: from n/a through <= 1.1.2. | ||||
| CVE-2025-27015 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designingmedia Hostiko hostiko allows PHP Local File Inclusion.This issue affects Hostiko: from n/a through < 30.1. | ||||
| CVE-2025-27014 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 30.1. | ||||
| CVE-2025-27012 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo a1post-bg-shipping-for-woocommerce allows Privilege Escalation.This issue affects A1POST.BG Shipping for Woo: from n/a through <= 1.5. | ||||
| CVE-2025-27006 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy authorsy allows Stored XSS.This issue affects Authorsy: from n/a through <= 1.0.5. | ||||
| CVE-2025-27005 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5. | ||||
| CVE-2025-27004 | 2 Lambertgroup, Wordpress | 2 Famous-responsive Image And Video Grid Gallery Wordpress Plugin, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through <= 1.4. | ||||
| CVE-2025-27003 | 2 Fullworksplugins, Wordpress | 2 Quick Paypal Payments, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <= 5.7.46. | ||||
| CVE-2025-27002 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5. | ||||
| CVE-2025-27000 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in George Pattichis Simple Photo Feed simple-photo-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Photo Feed: from n/a through <= 1.4.0. | ||||
| CVE-2025-26995 | 2 Anton Vanyukov, Wordpress | 2 Market Exporter, Wordpress | 2026-04-23 | 5.4 Medium |
| Missing Authorization vulnerability in Anton Vanyukov Market Exporter market-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Market Exporter: from n/a through <= 2.0.21. | ||||
| CVE-2025-26992 | 2 Fatcatapps, Wordpress | 2 Landing Page Cat, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.8. | ||||
| CVE-2025-26991 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ollybach WPPizza wppizza allows Reflected XSS.This issue affects WPPizza: from n/a through <= 3.19.4. | ||||