Filtered by vendor Wordpress
Subscriptions
Total
8467 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58209 | 2 Rtcamp, Wordpress | 2 Transcoder, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rtCamp Transcoder allows Stored XSS. This issue affects Transcoder: from n/a through 1.4.0. | ||||
| CVE-2025-48081 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.3 Medium |
| Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal.This issue affects Printeers Print & Ship: from n/a through 1.17.0. | ||||
| CVE-2025-58211 | 2 Alexvtn, Wordpress | 2 Chatbox Manager, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6. | ||||
| CVE-2025-58216 | 2 Jgwhite33, Wordpress | 2 Wp Thumbtack Review Slider, Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through 2.6. | ||||
| CVE-2025-0951 | 2 Liquidthemes, Wordpress | 4 Ai Hub, Archub, Hub and 1 more | 2025-08-29 | 4.3 Medium |
| Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate all of a site's plugins. While we escalated this to Envato after not being able to establish contact, it appears the developer added a nonce check, however that is not sufficient protection as the nonce is exposed to all users with access to the dashboard. | ||||
| CVE-2025-9352 | 2 Pronamic, Wordpress | 2 Google Maps, Wordpress | 2025-08-29 | 5.4 Medium |
| The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-58193 | 2 Uncannyowl, Wordpress | 2 Uncanny Automator, Wordpress | 2025-08-29 | 4.3 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator: from n/a through 6.7.0.1. | ||||
| CVE-2025-58201 | 2 Aftership & Automizely, Wordpress | 2 Aftership Tracking, Wordpress | 2025-08-29 | 5.3 Medium |
| Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AfterShip Tracking: from n/a through 1.17.17. | ||||
| CVE-2025-48323 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Abunaser Khan Advance Food Menu allows Stored XSS. This issue affects Advance Food Menu: from n/a through 1.0. | ||||
| CVE-2025-49040 | 2 Backupbolt, Wordpress | 2 Backup Bolt, Wordpress | 2025-08-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through 1.4.1. | ||||
| CVE-2025-48322 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Finn Dohrn Statify Widget allows Stored XSS. This issue affects Statify Widget: from n/a through 1.4.6. | ||||
| CVE-2025-48361 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | ||||
| CVE-2025-48327 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.3 Medium |
| Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7. | ||||
| CVE-2025-48343 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through 5.0.1. | ||||
| CVE-2024-13807 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.5 High |
| The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract sensitive data from backups which can include the entire database and site's files. | ||||
| CVE-2025-48350 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 4.3 Medium |
| Missing Authorization vulnerability in Neuralabz LTD AutoWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AutoWP: from n/a through 2.2.2. | ||||
| CVE-2025-48352 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sitesearch-yandex Yandex Site search pinger allows Stored XSS. This issue affects Yandex Site search pinger: from n/a through 1.5. | ||||
| CVE-2025-48307 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images allows Stored XSS. This issue affects SEO For Images: from n/a through 1.0.0. | ||||
| CVE-2025-48354 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2025-08-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor allows Stored XSS. This issue affects Better Post & Filter Widgets for Elementor: from n/a through 1.6.0. | ||||
| CVE-2025-48319 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gslauraspeck Mesa Mesa Reservation Widget allows Stored XSS. This issue affects Mesa Mesa Reservation Widget: from n/a through 1.0.0. | ||||