CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 11789 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-32177	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pgn4web Embed Chessboard embed-chessboard allows Stored XSS.This issue affects Embed Chessboard: from n/a through <= 3.08.00.
CVE-2025-32174	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tockify Tockify Events Calendar tockify-events-calendar allows DOM-Based XSS.This issue affects Tockify Events Calendar: from n/a through <= 2.2.13.
CVE-2025-32170	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Stored XSS.This issue affects Motors: from n/a through <= 1.4.71.
CVE-2025-32169	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh Prasad Showeblogin Social showeblogin-facebook-page-like-box allows DOM-Based XSS.This issue affects Showeblogin Social: from n/a through <= 7.0.
CVE-2025-32168	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through <= 1.5.7.
CVE-2025-32165	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fromdoppler Doppler Forms doppler-form allows Stored XSS.This issue affects Doppler Forms: from n/a through <= 2.5.1.
CVE-2025-32160	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite.This issue affects EventON: from n/a through <= 2.4.1.
CVE-2025-32153	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG WooCarousel vg-woocarousel allows PHP Local File Inclusion.This issue affects VG WooCarousel: from n/a through <= 1.3.
CVE-2025-32151	2 Themekraft, Wordpress	2 Buddyforms, Wordpress	2026-04-01	8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion.This issue affects BuddyForms: from n/a through <= 2.9.0.
CVE-2025-32150	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Manager: from n/a through <= 7.3.
CVE-2025-32149	2 Mtrv, Wordpress	2 Teachpress, Wordpress	2026-04-01	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11.
CVE-2025-32146	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-32143	2 Pickplugins, Wordpress	2 Accordion, Wordpress	2026-04-01	N/A
Deserialization of Untrusted Data vulnerability in PickPlugins Accordion accordions allows Object Injection.This issue affects Accordion: from n/a through <= 2.3.11.
CVE-2025-32142	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: from n/a through <= 1.4.71.
CVE-2025-32140	1 Wordpress	1 Wordpress	2026-04-01	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a Web Shell to a Web Server.This issue affects WP Remote Thumbnail: from n/a through <= 1.3.2.
CVE-2025-32139	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooBox Image Lightbox foobox-image-lightbox.This issue affects FooBox Image Lightbox : from n/a through <= 2.7.33.
CVE-2025-32138	2 Supsystic, Wordpress	2 Easy Google Maps, Wordpress	2026-04-01	N/A
Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps google-maps-easy allows XML Injection.This issue affects Easy Google Maps: from n/a through <= 1.11.18.
CVE-2025-32135	2 Rocketelements, Wordpress	2 Split Test For Elementor, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rocketelements Split Test For Elementor split-test-for-elementor allows Stored XSS.This issue affects Split Test For Elementor: from n/a through <= 1.8.4.
CVE-2025-32134	2 Kaizencoders, Wordpress	2 Url Shortify, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify url-shortify allows Stored XSS.This issue affects URL Shortify: from n/a through <= 1.10.5.1.
CVE-2025-32132	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit funnelcockpit allows Stored XSS.This issue affects FunnelCockpit: from n/a through <= 1.4.3.

« first previous Page 275 of 590. next last »