ReportizFlow
Filtered by vendor Wordpress
Subscriptions
Total
5584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4034 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 6.4 Medium |
| The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-3749 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 6.4 Medium |
| The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23542 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert D Payne RDP Linkedin Login allows Reflected XSS. This issue affects RDP Linkedin Login: from n/a through 1.7.0. | ||||
| CVE-2024-54399 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2. | ||||
| CVE-2024-53707 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0. | ||||
| CVE-2025-23643 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ReadMe Creator allows Reflected XSS. This issue affects ReadMe Creator: from n/a through 1.0. | ||||
| CVE-2023-35875 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2025-07-14 | 5.3 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5. | ||||
| CVE-2024-13731 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 6.4 Medium |
| The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12592 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 6.4 Medium |
| The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-32201 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.8.3. | ||||
| CVE-2025-23634 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Youtube Video Grid allows Reflected XSS. This issue affects Youtube Video Grid: from n/a through 1.9. | ||||
| CVE-2024-30449 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Activities Team Booking Activities allows Reflected XSS.This issue affects Booking Activities: from n/a through 1.15.19. | ||||
| CVE-2025-46538 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup allows DOM-Based XSS. This issue affects Inline Text Popup: from n/a through 1.0.0. | ||||
| CVE-2025-31787 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4. | ||||
| CVE-2025-22537 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route allows SQL Injection.This issue affects Google Maps Travel Route: from n/a through 1.3.1. | ||||
| CVE-2024-1780 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 6.1 Medium |
| The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-32559 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat allows Stored XSS. This issue affects REVE Chat: from n/a through 6.2.2. | ||||
| CVE-2025-26872 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2. | ||||
| CVE-2024-52473 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Lyrics Karaoke Player allows Reflected XSS.This issue affects HTML5 Lyrics Karaoke Player: from n/a through 2.4. | ||||
| CVE-2025-39540 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP Flipclock allows DOM-Based XSS. This issue affects WP Flipclock: from n/a through 1.9. | ||||