Filtered by vendor Wordpress
Subscriptions
Total
8371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9899 | 2 Trustreviews, Wordpress | 2 Trust Reviews Plugin, Wordpress | 2025-09-29 | 6.1 Medium |
| The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feed_save function. This makes it possible for unauthenticated attackers to create or modify feed entries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-59002 | 2 Seatheme, Wordpress | 2 Bm Content Builder, Wordpress | 2025-09-29 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal. This issue affects BM Content Builder: from n/a through n/a. | ||||
| CVE-2025-59012 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler allows Reflected XSS. This issue affects Traveler: from n/a through n/a. | ||||
| CVE-2025-58919 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 5.3 Medium |
| Missing Authorization vulnerability in guihom Wide Banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through 1.0.4. | ||||
| CVE-2025-58917 | 3 Nick Verwymeren, Woocommerce, Wordpress | 3 Quantities And Units For Woocommerce, Woocommerce, Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Verwymeren Quantities and Units for WooCommerce allows Stored XSS. This issue affects Quantities and Units for WooCommerce: from n/a through 1.0.13. | ||||
| CVE-2025-60040 | 2 Fkrauthan, Wordpress | 2 Wp-mpdf, Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fkrauthan wp-mpdf allows Stored XSS. This issue affects wp-mpdf: from n/a through 3.9.1. | ||||
| CVE-2025-60092 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-09-29 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24. | ||||
| CVE-2025-60093 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-09-29 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download Manager allows Cross Site Request Forgery. This issue affects Download Manager: from n/a through 3.3.24. | ||||
| CVE-2025-60094 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in Benjamin Intal Stackable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackable: from n/a through 3.18.1. | ||||
| CVE-2025-60095 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Benjamin Intal Stackable allows Retrieve Embedded Sensitive Data. This issue affects Stackable: from n/a through 3.18.1. | ||||
| CVE-2025-60096 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CodexThemes TheGem (Elementor) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem (Elementor): from n/a through 5.10.5. | ||||
| CVE-2025-60097 | 2 Codexthemes, Wordpress | 2 Thegem, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CodexThemes TheGem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through 5.10.5. | ||||
| CVE-2025-60098 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
| Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12. | ||||
| CVE-2025-60101 | 2 Woostify, Wordpress | 2 Woostify Theme, Wordpress | 2025-09-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Woostify Woostify allows Stored XSS. This issue affects Woostify: from n/a through 2.4.2. | ||||
| CVE-2025-60100 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2025-09-29 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore allows Code Injection. This issue affects XStore: from n/a through 9.5.3. | ||||
| CVE-2025-60103 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8. | ||||
| CVE-2025-60104 | 2 Jordy Meow, Wordpress | 2 Gallery Custom Links, Wordpress | 2025-09-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery Custom Links allows Stored XSS. This issue affects Gallery Custom Links: from n/a through 2.2.5. | ||||
| CVE-2025-60106 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.9 Medium |
| Missing Authorization vulnerability in Roxnor EmailKit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EmailKit: from n/a through 1.6.0. | ||||
| CVE-2025-27006 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeplugs Authorsy allows Stored XSS. This issue affects Authorsy: from n/a through 1.0.5. | ||||
| CVE-2025-60109 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Content Slider: from n/a through 3.8. | ||||