Filtered by vendor Wordpress
Subscriptions
Total
6709 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49962 | 2 Usestrict, Wordpress | 2 Bbpress Notify, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict bbPress Notify bbpress-notify-nospam allows Reflected XSS.This issue affects bbPress Notify: from n/a through <= 2.19.4. | ||||
| CVE-2025-49961 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 6.3 Medium |
| Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through <= 1.4.0. | ||||
| CVE-2025-49960 | 2 Leadbi, Wordpress | 2 Leadbi Plugin, Wordpress | 2025-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in leadbi LeadBI Plugin for WordPress leadbi allows Stored XSS.This issue affects LeadBI Plugin for WordPress: from n/a through <= 1.7. | ||||
| CVE-2025-49959 | 2 Bbpress, Wordpress | 2 Bbpress, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Casier bbPress Move Topics bbp-move-topics allows Reflected XSS.This issue affects bbPress Move Topics: from n/a through <= 1.1.6. | ||||
| CVE-2025-49958 | 3 Robokassa, Woocommerce, Wordpress | 3 Payment Gateway For Woocommerce, Woocommerce, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.8.1. | ||||
| CVE-2025-49957 | 2 Weboccult Technologies, Wordpress | 2 Email Attachment By Order Status And Products, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-order-status-products allows Reflected XSS.This issue affects Email Attachment by Order Status & Products: from n/a through <= 1.0.1. | ||||
| CVE-2025-49956 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anandaraj Balu Fade Slider fade-slider allows Reflected XSS.This issue affects Fade Slider: from n/a through <= 2.5. | ||||
| CVE-2025-49955 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rajan Vijayan WP Smart Flexslider wp-smart-flexslider allows Reflected XSS.This issue affects WP Smart Flexslider: from n/a through <= 2.5. | ||||
| CVE-2025-49952 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-10-23 | 6.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.1.1. | ||||
| CVE-2025-49951 | 2 Gappointments, Wordpress | 2 Gappointments, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcrunch gAppointments gAppointments allows Reflected XSS.This issue affects gAppointments: from n/a through <= 1.14.1. | ||||
| CVE-2025-49950 | 2 Official Integration For Billingo Project, Wordpress | 2 Official Integration For Billingo, Wordpress | 2025-10-23 | 7.3 High |
| Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through <= 4.2.5. | ||||
| CVE-2025-49949 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 5.5 Medium |
| Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2. | ||||
| CVE-2025-49948 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS.This issue affects WP Super Edit: from n/a through <= 2.5.4. | ||||
| CVE-2025-49947 | 3 Extendons, Woocommerce, Wordpress | 3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3. | ||||
| CVE-2025-49946 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy Auto Login After Registration auto-login-after-registration allows Reflected XSS.This issue affects Auto Login After Registration: from n/a through <= 1.0.0. | ||||
| CVE-2025-49945 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through <= 1.1. | ||||
| CVE-2025-49944 | 2 Wordpress, Wpcode | 2 Wordpress, Wpcode | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonatan Jumbert WPCode Content Ratio wpcode-content-ratio allows Reflected XSS.This issue affects WPCode Content Ratio: from n/a through <= 2.0. | ||||
| CVE-2025-49940 | 1 Wordpress | 1 Wordpress | 2025-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through <= 3.13.2. | ||||
| CVE-2025-49939 | 2 Crocoblock, Wordpress | 2 Jetelements For Elementor, Wordpress | 2025-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through <= 2.7.8. | ||||
| CVE-2025-49938 | 2 Crocoblock, Wordpress | 2 Jetengine, Wordpress | 2025-10-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3. | ||||