Filtered by vendor Wordpress
Subscriptions
Total
11882 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60103 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in CridioStudio ListingPro listingpro-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.8. | ||||
| CVE-2025-66141 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2. | ||||
| CVE-2025-60105 | 2 Metaphorcreations, Wordpress | 2 Ditty, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Ditty ditty-news-ticker allows Stored XSS.This issue affects Ditty: from n/a through <= 3.1.58. | ||||
| CVE-2025-60110 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows SQL Injection.This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8. | ||||
| CVE-2025-60125 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook foodbook allows Retrieve Embedded Sensitive Data.This issue affects FoodBook: from n/a through <= 4.7.6. | ||||
| CVE-2025-60133 | 2 Dj-extensions, Wordpress | 2 Pe Easy Slider, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DJ-Extensions.com PE Easy Slider pe-easy-slider allows Stored XSS.This issue affects PE Easy Slider: from n/a through <= 1.1.0. | ||||
| CVE-2025-60136 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through <= 1.0.2. | ||||
| CVE-2025-60137 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video post-featured-video allows Cross Site Request Forgery.This issue affects Post Featured Video: from n/a through <= 1.7. | ||||
| CVE-2025-60139 | 2 Joovii, Wordpress | 2 Sendle Shipping, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Cross Site Request Forgery.This issue affects Sendle Shipping: from n/a through <= 6.02. | ||||
| CVE-2025-60140 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.3. | ||||
| CVE-2025-60143 | 2 Netgsm, Wordpress | 2 Netgsm, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netgsm: from n/a through <= 2.9.69. | ||||
| CVE-2025-60145 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery.This issue affects Lenix scss compiler: from n/a through <= 1.2. | ||||
| CVE-2025-8316 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘evento’ parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-60164 | 2 Newsman, Wordpress | 2 Newsmanapp, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp newsmanapp allows Stored XSS.This issue affects NewsmanApp: from n/a through <= 2.7.7. | ||||
| CVE-2025-60170 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HTACCESS IP Blocker htaccess-ip-blocker allows Stored XSS.This issue affects HTACCESS IP Blocker: from n/a through <= 1.0. | ||||
| CVE-2025-8417 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token (e.g. ?key= 900001705) without proper authentication, combined with the unsafe use of eval() on user-supplied input. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on the server via a forged request granted they can guess or brute-force the numeric key. | ||||
| CVE-2025-8423 | 2 Mythemeshop, Wordpress | 2 My Wp Translate, Wordpress | 2026-04-15 | 5.4 Medium |
| The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswpt_remove_plugin() and ajax_update_export_code() functions in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and delete arbitrary WordPress options which can cause a denial of service. | ||||
| CVE-2025-60173 | 3 Ashwani Kumar, Woocommerce, Wordpress | 3 Gst For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST for WooCommerce gst-for-woocommerce allows Stored XSS.This issue affects GST for WooCommerce: from n/a through <= 2.0. | ||||
| CVE-2025-32177 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pgn4web Embed Chessboard embed-chessboard allows Stored XSS.This issue affects Embed Chessboard: from n/a through <= 3.08.00. | ||||
| CVE-2025-8492 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticated attackers to execute AJAX actions, including limited file uploads. | ||||