Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11832 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31042 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in rtakao Sandwich Adsense firsth3tagadsense allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sandwich Adsense: from n/a through <= 4.0.2. | ||||
| CVE-2024-51640 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Matt Rude MDR Webmaster Tools mdr-webmaster-tools allows Stored XSS.This issue affects MDR Webmaster Tools: from n/a through <= 1.1. | ||||
| CVE-2025-26569 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in callmeforsox Post Thumbs post-thumbs allows Stored XSS.This issue affects Post Thumbs: from n/a through <= 1.5. | ||||
| CVE-2025-31066 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in themeton Acerola acerola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acerola: from n/a through <= 1.6.5. | ||||
| CVE-2025-11856 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Eventbee Ticketing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventbeeticketwidget' shortcode in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input and output of several parameters. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-69294 | 2 Fuelthemes, Wordpress | 2 Peakshops, Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through <= 1.5.9. | ||||
| CVE-2025-69308 | 2 Teconcetheme, Wordpress | 2 Nestbyte Core, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection.This issue affects Nestbyte Core: from n/a through <= 1.2. | ||||
| CVE-2024-52503 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tailored Media Tailored Tools tailored-tools allows Stored XSS.This issue affects Tailored Tools: from n/a through <= 1.8.4. | ||||
| CVE-2025-69366 | 2 Teconcetheme, Wordpress | 2 Emerce Core, Wordpress | 2026-04-15 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Emerce Core emerce-core allows Blind SQL Injection.This issue affects Emerce Core: from n/a through <= 1.8. | ||||
| CVE-2025-69368 | 2 Gt3themes, Wordpress | 2 Soho - Photography Wordpress Theme, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through <= 3.0.3. | ||||
| CVE-2024-53726 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in RealtyCandy.com RealtyCandy IDX Broker Extended realtycandy-idx-broker-extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through <= 1.5.1. | ||||
| CVE-2024-53729 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in plumwd Blizzard Quotes blizzard-quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through <= 1.3. | ||||
| CVE-2024-53731 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fintelligence Fintelligence Calculator fintelligence-calculator allows Stored XSS.This issue affects Fintelligence Calculator: from n/a through <= 1.0.3. | ||||
| CVE-2026-1371 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-15 | 5.3 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the `ajax_coupon_details()` function, which only validates nonces but does not verify user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive coupon information including coupon codes, discount amounts, usage statistics, and course/bundle applications. | ||||
| CVE-2024-53732 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in wpwox Footer Flyout Widget footer-flyout-widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through <= 1.1. | ||||
| CVE-2025-57921 | 2 Najeebmedia, Wordpress | 2 Frontend File Manager, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.3. | ||||
| CVE-2024-53747 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nutttaro Video Player for WPBakery video-player-for-wpbakery allows Stored XSS.This issue affects Video Player for WPBakery: from n/a through <= 1.0.1. | ||||
| CVE-2024-53768 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ideinteractive Content Audit Exporter content-audit-exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through <= 1.1. | ||||
| CVE-2024-53787 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Random Banner random-banner allows Stored XSS.This issue affects Random Banner: from n/a through <= 4.2.12. | ||||
| CVE-2024-54205 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget postman-widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through <= 1.14. | ||||