Filtered by vendor Wordpress
Subscriptions
Total
11859 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32482 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in quanganhdo Custom Smilies custom-smilies allows Stored XSS.This issue affects Custom Smilies: from n/a through <= 1.2. | ||||
| CVE-2025-62131 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5. | ||||
| CVE-2025-62132 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5. | ||||
| CVE-2025-32485 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Cross Site Request Forgery.This issue affects WP Performance Pack: from n/a through <= 2.5.4. | ||||
| CVE-2025-62135 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in landwire Responsive Block Control responsive-block-control allows DOM-Based XSS.This issue affects Responsive Block Control: from n/a through <= 1.3.0. | ||||
| CVE-2025-62136 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thinkupthemes Melos melos allows Stored XSS.This issue affects Melos: from n/a through <= 1.6.0. | ||||
| CVE-2025-62147 | 2 Realbig, Wordpress | 2 Realbig, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3. | ||||
| CVE-2025-8293 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘date’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-32490 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebsiteDefender wp secure wp-secure-by-sitesecuritymonitorcom allows Stored XSS.This issue affects wp secure: from n/a through <= 1.2. | ||||
| CVE-2025-23550 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemal YAZICI Product Puller product-puller allows Reflected XSS.This issue affects Product Puller: from n/a through <= 1.5.1. | ||||
| CVE-2025-32502 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu magazine-lister-for-yumpu allows Stored XSS.This issue affects ePaper Lister for Yumpu: from n/a through <= 1.4.0. | ||||
| CVE-2025-23849 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through <= 0.5.18. | ||||
| CVE-2025-62753 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos masvideos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through <= 1.3.4. | ||||
| CVE-2025-62756 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lvaudore The Moneytizer the-moneytizer allows DOM-Based XSS.This issue affects The Moneytizer: from n/a through <= 10.0.9. | ||||
| CVE-2025-62990 | 2 Livemesh, Wordpress | 2 Livemesh Addons For Beaver Builder, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Beaver Builder addons-for-beaver-builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through <= 3.9.2. | ||||
| CVE-2025-63020 | 2 Wayne Allen, Wordpress | 2 Postie, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through <= 1.9.73. | ||||
| CVE-2025-32546 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS.This issue affects All push notification for WP: from n/a through <= 1.5.3. | ||||
| CVE-2025-32555 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Edamam SEO, Nutrition and Print for Recipes by Edamam seo-nutrition-and-print-for-recipes-by-edamam allows Stored XSS.This issue affects SEO, Nutrition and Print for Recipes by Edamam: from n/a through <= 3.3. | ||||
| CVE-2025-63027 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcreations907 WBC907 Core wbc907-core allows Stored XSS.This issue affects WBC907 Core: from n/a through <= 3.4.1. | ||||
| CVE-2025-63065 | 2 Davidlingren, Wordpress | 2 Media Library Assistant, Wordpress | 2026-04-15 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n/a through <= 3.29. | ||||