ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
9043 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63027 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webcreations907 WBC907 Core allows Stored XSS.This issue affects WBC907 Core: from n/a through 3.4.1. | ||||
| CVE-2025-66080 | 2 Wordpress, Wp Legal Pages | 2 Wordpress, Wp Cookie Notice | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 4.0.3. | ||||
| CVE-2025-62753 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through 1.3.2. | ||||
| CVE-2025-59131 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Hoernerfranz WP-CalDav2ICS allows Stored XSS.This issue affects WP-CalDav2ICS: from n/a through 1.3.4. | ||||
| CVE-2025-68885 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0. | ||||
| CVE-2025-49354 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technologies Recent Posts From Each Category allows Stored XSS.This issue affects Recent Posts From Each Category: from n/a through 1.4. | ||||
| CVE-2025-49353 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path allows Stored XSS.This issue affects Noindex by Path: from n/a through 1.0. | ||||
| CVE-2025-49345 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through 3.1.2. | ||||
| CVE-2025-49344 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveTagCloud allows Stored XSS.This issue affects SensitiveTagCloud: from n/a through 1.4.1. | ||||
| CVE-2025-59137 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5. | ||||
| CVE-2025-49346 | 2 Peter Sterling, Wordpress | 2 Simple Archive Generator, Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Simple Archive Generator allows Stored XSS.This issue affects Simple Archive Generator: from n/a through 5.2. | ||||
| CVE-2025-49343 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr allows Stored XSS.This issue affects Social Profilr: from n/a through 1.0. | ||||
| CVE-2025-49028 | 2 Wordpress, Zoho Mail | 2 Wordpress, Zoho Zeptomail | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through 3.3.1. | ||||
| CVE-2025-13029 | 2 Knowband, Wordpress | 2 Mobile App Builder, Wordpress | 2026-01-05 | 7.5 High |
| The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users. | ||||
| CVE-2025-49342 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang Häfelinger Custom Style allows Stored XSS.This issue affects Custom Style: from n/a through 1.0. | ||||
| CVE-2025-63005 | 2 Tooltips, Wordpress | 2 Wordpress Tooltips, Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9. | ||||
| CVE-2025-14434 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.3 Medium |
| The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upk_alex_grid_loadmore_posts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and retrieve rendered HTML content of private and unpublished ones. | ||||
| CVE-2025-62136 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Melos allows Stored XSS.This issue affects Melos: from n/a through 1.6.0. | ||||
| CVE-2025-14783 | 2 Smub, Wordpress | 2 Easy Digital Downloads, Wordpress | 2026-01-05 | 4.3 Medium |
| The Easy Digital Downloads plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.6.2. This is due to insufficient validation on the redirect url supplied via the 'edd_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2025-62761 | 2 Basepress, Wordpress | 2 Knowledge Base Documentation & Wiki Plugin, Wordpress | 2026-01-05 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.17.0.1. | ||||