Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11882 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30909 | 2 Conversios, Wordpress | 2 Conversios.io, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.3. | ||||
| CVE-2025-30905 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.4.3. | ||||
| CVE-2025-30904 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Stored XSS.This issue affects Chartify: from n/a through <= 3.1.7. | ||||
| CVE-2025-30901 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2. | ||||
| CVE-2025-30899 | 2 Wordpress, Wpeverest | 3 Wordpress, User Registration, User Registration \& Membership | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3. | ||||
| CVE-2025-30895 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion.This issue affects WpEvently: from n/a through <= 4.2.9. | ||||
| CVE-2025-30894 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.79.262. | ||||
| CVE-2025-30887 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.2.9. | ||||
| CVE-2025-30882 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-04-23 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.1. | ||||
| CVE-2025-30881 | 2 Themehunk, Wordpress | 2 Big Store, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through <= 2.0.8. | ||||
| CVE-2025-30880 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2026-04-23 | 7.5 High |
| Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.9.2. | ||||
| CVE-2025-30875 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS.This issue affects WP Weixin: from n/a through <= 1.3.16. | ||||
| CVE-2025-30869 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall image-wall allows Reflected XSS.This issue affects Image Wall: from n/a through <= 3.0. | ||||
| CVE-2025-30866 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product terms-and-conditions-per-product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Terms & Conditions Per Product: from n/a through <= 1.2.15. | ||||
| CVE-2025-30865 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite 3dprint-lite allows Cross Site Request Forgery.This issue affects 3DPrint Lite: from n/a through <= 2.1.3.5. | ||||
| CVE-2025-30864 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in falselight Exchange Rates exchange-rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exchange Rates: from n/a through <= 1.2.2. | ||||
| CVE-2025-30860 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows DOM-Based XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <= 0.5.8.2. | ||||
| CVE-2025-30850 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sfaerber Dr. Flex dr-flex allows Stored XSS.This issue affects Dr. Flex: from n/a through <= 2.0.0. | ||||
| CVE-2025-30845 | 2 Webangon, Wordpress | 2 The Pack Elementor Addons, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through <= 2.1.1. | ||||
| CVE-2025-30843 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through <= 1.1.0.34. | ||||