Filtered by vendor Wordpress
Subscriptions
Total
11174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58622 | 2 Wordpress, Yydevelopment | 2 Wordpress, Mobile Contact Line Plugin | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0. | ||||
| CVE-2025-58623 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through 1.3.2. | ||||
| CVE-2025-58632 | 2 Dadevarzan, Wordpress | 2 Wordpress Common Plugin, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through 2.2.2. | ||||
| CVE-2025-58639 | 2 Contact Form By Mega Forms Project, Wordpress | 2 Contact Form By Mega Forms, Wordpress | 2025-09-04 | 5.4 Medium |
| Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form By Mega Forms: from n/a through 1.6.1. | ||||
| CVE-2025-58641 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1. | ||||
| CVE-2025-58642 | 2 Enituretechnology, Wordpress | 2 Ltl Freight Quotes, Wordpress | 2025-09-04 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through 2.1.11. | ||||
| CVE-2025-58643 | 2 Enituretechnology, Wordpress | 2 Ltl Freight Quotes, Wordpress | 2025-09-04 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through 2.2.7. | ||||
| CVE-2025-58644 | 2 Enituretechnology, Wordpress | 2 Ltl Freight Quotes, Wordpress | 2025-09-04 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through 1.2.6. | ||||
| CVE-2025-9519 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 7.2 High |
| The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server. | ||||
| CVE-2025-8268 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users. | ||||
| CVE-2025-58633 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.21. | ||||
| CVE-2025-58625 | 2 Spiffyplugins, Wordpress | 2 Wp Flow Plus, Wordpress | 2025-09-04 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.5. | ||||
| CVE-2025-58614 | 2 Tooltipy, Wordpress | 2 Tooltipy, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy allows Stored XSS. This issue affects Tooltipy: from n/a through 5.5.6. | ||||
| CVE-2025-58611 | 2 Tickera, Wordpress | 2 Tickera, Wordpress | 2025-09-04 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.5.6. | ||||
| CVE-2025-58605 | 2 Wordpress, Wpdelicious | 2 Wordpress, Wp Delicious | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows Stored XSS. This issue affects WP Delicious: from n/a through 1.8.7. | ||||
| CVE-2025-58602 | 2 If-so, Wordpress | 3 Dynamic Content Personalization, If-so, Wordpress | 2025-09-04 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.4. | ||||
| CVE-2025-58597 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6. | ||||
| CVE-2025-9616 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset cookie time settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-58613 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through 1.4.10. | ||||
| CVE-2025-58599 | 2 Tychesoftwares, Wordpress | 2 Order Delivery Date For Woocommerce, Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery Date for WooCommerce: from n/a through 4.1.0. | ||||