Filtered by vendor Wordpress
Subscriptions
Total
8258 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68082 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush-contentshake allows Cross Site Request Forgery.This issue affects Semrush Content Toolkit: from n/a through <= 1.1.32. | ||||
| CVE-2025-67999 | 2 Stefanno Lissa, Wordpress | 2 Newsletter, Wordpress | 2025-12-17 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9. | ||||
| CVE-2025-13861 | 2 Linksoftware, Wordpress | 2 Html Forms, Wordpress | 2025-12-17 | 6.1 Medium |
| The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying it in the WordPress admin dashboard. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever an administrator accesses the form submissions page. | ||||
| CVE-2025-13880 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 6.5 Medium |
| The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and saveAdvanceSettings functions in all versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to view and modify plugin's advanced settings. | ||||
| CVE-2025-14385 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 6.4 Medium |
| The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 10.2.3 due to insufficient input sanitization and output escaping on user-supplied attributes in the wprm-recipe-roundup-item shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-14154 | 2 Wordplus, Wordpress | 2 Better Messages, Wordpress | 2025-12-17 | 6.1 Medium |
| The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via guest display name in all versions up to, and including, 2.10.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-67989 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3. | ||||
| CVE-2025-67976 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 6.5 Medium |
| Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5. | ||||
| CVE-2025-66132 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAPI Member: from n/a through <= 2.2.26. | ||||
| CVE-2025-11369 | 2 Wordpress, Wpdevteam | 2 Wordpress, Gutenberg Essential Blocks | 2025-12-17 | 4.3 Medium |
| The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the get_instagram_access_token_callback, google_map_api_key_save_callback and get_siteinfo functions in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with Author-level access and above, to view API keys configured for the external services. | ||||
| CVE-2025-64631 | 2 Wclovers, Wordpress | 2 Wcfm Marketplace, Wordpress | 2025-12-17 | 5 Medium |
| Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.6.15. | ||||
| CVE-2025-64241 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 4.3 Medium |
| Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Coupons and Deals: from n/a through <= 3.2.4. | ||||
| CVE-2025-12189 | 2 Breadbutter, Wordpress | 2 Bread And Butter, Wordpress | 2025-12-17 | 4.3 Medium |
| The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321. This is due to missing or incorrect nonce validation on the uploadImage() function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-68084 | 2 Nitesh Singh, Wordpress | 2 Ultimate Wordpress Auction Plugin, Wordpress | 2025-12-17 | 5.4 Medium |
| Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through <= 4.3.2. | ||||
| CVE-2025-68078 | 2 Themenectar, Wordpress | 2 Salient Core, Wordpress | 2025-12-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Portfolio salient-portfolio allows Stored XSS.This issue affects Salient Portfolio: from n/a through <= 1.8.2. | ||||
| CVE-2025-68070 | 2 Vektor, Wordpress | 2 Vk Google Job Posting Manager, Wordpress | 2025-12-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This issue affects VK Google Job Posting Manager: from n/a through <= 1.2.21. | ||||
| CVE-2025-67929 | 2 Templateinvaders, Wordpress | 2 Ti Woocommerce Wishlist, Wordpress | 2025-12-17 | 5.3 Medium |
| Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0. | ||||
| CVE-2025-66133 | 2 Wordpress, Wp Legal Pages | 2 Wordpress, Wp Cookie Notice | 2025-12-17 | 5.3 Medium |
| Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7. | ||||
| CVE-2025-64635 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 5.4 Medium |
| Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0. | ||||
| CVE-2025-64247 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 6.5 Medium |
| Missing Authorization vulnerability in edmon.parker Read More & Accordion expand-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Read More & Accordion: from n/a through <= 3.5.4.1. | ||||