Wordpress CVE - OpenCVE

Filtered by vendor Wordpress Subscriptions

Total 7054 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62930	2 Mapsvg, Wordpress	2 Mapsvg, Wordpress	2025-10-28	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows DOM-Based XSS.This issue affects MapSVG: from n/a through <= 8.7.15.
CVE-2025-62929	2 Pluginops, Wordpress	2 Testimonial Slider, Wordpress	2025-10-28	8.8 High
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
CVE-2025-62928	1 Wordpress	1 Wordpress	2025-10-28	8.1 High
Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through <= 1.2.0.
CVE-2025-62927	1 Wordpress	1 Wordpress	2025-10-28	8.1 High
Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through <= 4.0.5.
CVE-2025-62925	2 Conversios, Wordpress	2 Conversios.io, Wordpress	2025-10-28	8.1 High
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.10.
CVE-2025-62924	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2025-10-28	8.8 High
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17.
CVE-2025-62923	3 Debuggers Studio, Elementor, Wordpress	3 Marquee Addons For Elementor, Elementor, Wordpress	2025-10-28	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio Marquee Addons for Elementor marquee-addons-for-elementor allows DOM-Based XSS.This issue affects Marquee Addons for Elementor: from n/a through <= 3.7.12.
CVE-2025-62922	1 Wordpress	1 Wordpress	2025-10-28	8.1 High
Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export Categories: from n/a through <= 1.0.
CVE-2025-62920	1 Wordpress	1 Wordpress	2025-10-28	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS.This issue affects USERCENTRICS CMP: from n/a through <= 1.0.9.
CVE-2025-62919	1 Wordpress	1 Wordpress	2025-10-28	9.1 Critical
Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.2.
CVE-2025-62918	1 Wordpress	1 Wordpress	2025-10-28	8.8 High
Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IgnitionDeck: from n/a through <= 2.0.10.
CVE-2025-62917	2 Tooltipy, Wordpress	2 Tooltipy, Wordpress	2025-10-28	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through <= 5.5.9.
CVE-2025-62916	1 Wordpress	1 Wordpress	2025-10-28	8.8 High
Missing Authorization vulnerability in adivaha® Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights & Hotels Booking WP Plugin: from n/a through <= 3.1.
CVE-2025-62915	2 Clicksend, Wordpress	2 Sms Contact Form 7 Notifications By Clicksend, Wordpress	2025-10-28	8.1 High
Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Contact Form 7 Notifications by ClickSend: from n/a through <= 1.4.0.
CVE-2025-62913	1 Wordpress	1 Wordpress	2025-10-28	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpopal Opal Service opal-service allows Stored XSS.This issue affects Opal Service: from n/a through <= 1.9.1.
CVE-2025-62912	2 Siteground, Wordpress	2 Email-marketing, Wordpress	2025-10-28	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through <= 1.7.1.
CVE-2025-62911	2 Rockcontent, Wordpress	2 Rock Convert, Wordpress	2025-10-28	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Content Rock Convert rock-convert allows Stored XSS.This issue affects Rock Convert: from n/a through <= 3.0.1.
CVE-2025-62910	2 Deshine, Wordpress	2 Video Gallery, Wordpress	2025-10-28	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS.This issue affects Video Gallery by Huzzaz: from n/a through <= 10.5.
CVE-2025-62909	1 Wordpress	1 Wordpress	2025-10-28	8.1 High
Missing Authorization vulnerability in mrityunjay Smart WeTransfer smart-wetransfer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WeTransfer: from n/a through <= 1.3.
CVE-2025-62908	1 Wordpress	1 Wordpress	2025-10-28	9.8 Critical
Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Podlove Web Player: from n/a through <= 5.9.1.

« first previous Page 20 of 353. next last »