Filtered by vendor Wordpress
Subscriptions
Total
8467 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67554 | 2 Hu-manity, Wordpress | 2 Cookie Notice & Compliance For Gdpr / Ccpa, Wordpress | 2025-12-10 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Humanityco Cookie Notice & Compliance for GDPR / CCPA cookie-notice allows Stored XSS.This issue affects Cookie Notice & Compliance for GDPR / CCPA: from n/a through <= 2.5.8. | ||||
| CVE-2025-67553 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: from n/a through <= 1.5.2. | ||||
| CVE-2025-67552 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WalkerWP Walker Core walker-core allows DOM-Based XSS.This issue affects Walker Core: from n/a through <= 1.3.17. | ||||
| CVE-2025-67551 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wappointment team Wappointment wappointment allows Stored XSS.This issue affects Wappointment: from n/a through <= 2.6.9. | ||||
| CVE-2025-67550 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a through <= 2.2.6. | ||||
| CVE-2025-67548 | 2 Wordpress, Wpdelicious | 2 Wordpress, Wp Delicious | 2025-12-10 | 6.5 Medium |
| Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.1. | ||||
| CVE-2025-67545 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through <= 3.1.0-free. | ||||
| CVE-2025-67534 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7. | ||||
| CVE-2025-67533 | 2 Themify, Wordpress | 2 Portfolio Post, Wordpress | 2025-12-10 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS.This issue affects Themify Portfolio Post: from n/a through <= 1.3.0. | ||||
| CVE-2025-67474 | 2 Ultimatemember, Wordpress | 2 Forumwp, Wordpress | 2025-12-10 | 4.3 Medium |
| Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ForumWP: from n/a through <= 2.1.4. | ||||
| CVE-2025-67470 | 2 Essentialplugin, Wordpress | 2 Portfolio And Projects, Wordpress | 2025-12-10 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: from n/a through <= 1.5.5. | ||||
| CVE-2025-67468 | 2 Crmperks, Wordpress | 2 Integration For Salesforce And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2025-12-10 | 4.3 Medium |
| Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms: from n/a through <= 1.4.6. | ||||
| CVE-2025-66527 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 4.3 Medium |
| Missing Authorization vulnerability in VanKarWai Lobo lobo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lobo: from n/a through <= 2.8.6. | ||||
| CVE-2025-66526 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2025-12-10 | 4.3 Medium |
| Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.34. | ||||
| CVE-2025-66525 | 2 Elasticemail, Wordpress | 2 Elastic Email Sender, Wordpress | 2025-12-10 | 4.3 Medium |
| Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20. | ||||
| CVE-2025-64257 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 4.3 Medium |
| Missing Authorization vulnerability in Joe Dolson My Tickets my-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Tickets: from n/a through <= 2.1.0. | ||||
| CVE-2025-63006 | 2 Metagauss, Wordpress | 2 Eventprime, Wordpress | 2025-12-10 | 4.3 Medium |
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1. | ||||
| CVE-2025-63003 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North - Required Plugin north-plugin allows PHP Local File Inclusion.This issue affects North - Required Plugin: from n/a through <= 1.4.2. | ||||
| CVE-2025-62999 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 5.4 Medium |
| Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3.4. | ||||
| CVE-2025-62997 | 2 Levelfourdevelopment, Wordpress | 2 Wp-easycart, Wordpress | 2025-12-10 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Retrieve Embedded Sensitive Data.This issue affects WP EasyCart: from n/a through <= 5.8.11. | ||||