Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11831 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31885 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows DOM-Based XSS.This issue affects Hyperlink Group Block: from n/a through <= 2.0.1. | ||||
| CVE-2025-54749 | 2 Crocoblock, Wordpress | 2 Jetproductgallery, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS.This issue affects JetProductGallery: from n/a through <= 2.2.0.2. | ||||
| CVE-2025-31887 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media mybookprogress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyBookProgress by Stormhill Media: from n/a through <= 1.0.8. | ||||
| CVE-2025-52801 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TheBooking: from n/a through <= 1.4.4. | ||||
| CVE-2025-54751 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-04-15 | 7.1 High |
| Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36. | ||||
| CVE-2025-52823 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through <= 1.16.8. | ||||
| CVE-2025-31893 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cheesefather Botnet Attack Blocker botnet-attack-blocker allows Stored XSS.This issue affects Botnet Attack Blocker: from n/a through <= 2.0.0. | ||||
| CVE-2025-31898 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dustinscarberry MediaView mediaview allows Reflected XSS.This issue affects MediaView: from n/a through <= 1.1.2. | ||||
| CVE-2025-31899 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpshopee Awesome Logos awesome-logos allows Reflected XSS.This issue affects Awesome Logos: from n/a through <= 1.2. | ||||
| CVE-2025-31902 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems Social Share And Social Locker social-share-and-social-locker-arsocial allows Reflected XSS.This issue affects Social Share And Social Locker: from n/a through <= 1.4.1. | ||||
| CVE-2025-31905 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O'Donnell Team Rosters team-rosters allows Reflected XSS.This issue affects Team Rosters: from n/a through <= 4.7. | ||||
| CVE-2025-31907 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Team Builder team-display allows Reflected XSS.This issue affects Team Builder: from n/a through <= 1.3. | ||||
| CVE-2025-31924 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This issue affects Crafts & Arts: from n/a through <= 2.5. | ||||
| CVE-2025-31928 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support multimedia-carousel allows SQL Injection.This issue affects Multimedia Responsive Carousel with Image Video Audio Support: from n/a through <= 2.6.0. | ||||
| CVE-2025-55707 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-04-15 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35. | ||||
| CVE-2025-55712 | 2 Posimyth, Wordpress | 2 The Plus Addons For Elementor Page Builder Lite, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 6.3.13. | ||||
| CVE-2025-55713 | 2 Creativethemes, Wordpress | 2 Blocksy, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy allows Stored XSS.This issue affects Blocksy: from n/a through <= 2.1.6. | ||||
| CVE-2025-55716 | 2 Veronalabs, Wordpress | 2 Wp Statistics, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a through <= 14.15. | ||||
| CVE-2025-32123 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: from n/a through <= 5.3.5. | ||||
| CVE-2025-52774 | 2 Infility, Wordpress | 2 Infility Global, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Reflected XSS.This issue affects Infility Global: from n/a through <= 2.15.06. | ||||