Filtered by vendor Wordpress Subscriptions
Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 9875 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-54746 2 Cartpauj, Wordpress 2 Shortcode-redirect, Wordpress 2025-08-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through 1.0.02.
CVE-2025-53582 2 Wordlift, Wordpress 2 Wordlift, Wordpress 2025-08-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a through 3.54.5.
CVE-2025-55713 2 Creativethemes, Wordpress 2 Blocksy, Wordpress 2025-08-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.1.6.
CVE-2025-55716 2 Veronalabs, Wordpress 2 Wp Statistics, Wordpress 2025-08-15 4.3 Medium
Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15.
CVE-2025-54736 2 Nordicmade, Wordpress 2 Savoy, Wordpress 2025-08-15 5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through 3.0.8.
CVE-2025-54708 2 Bplugins, Wordpress 2 B Blocks, Wordpress 2025-08-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a through 2.0.5.
CVE-2025-8676 2 Bplugins, Wordpress 2 B Slider, Wordpress 2025-08-15 4.3 Medium
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information.
CVE-2025-55712 2 Posimyth, Wordpress 2 The Plus Addons For Elementor Page Builder Lite, Wordpress 2025-08-15 6.5 Medium
Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.3.13.
CVE-2025-55714 2 Crocoblock, Wordpress 2 Jetelements For Elementor, Wordpress 2025-08-15 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.9.
CVE-2025-53347 2 Laborator, Wordpress 2 Kalium, Wordpress 2025-08-15 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3.
CVE-2025-53219 2 Pl4g4, Wordpress 2 Wp-database-optimizer-tools, Wordpress 2025-08-15 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through 0.2.
CVE-2025-54717 2 E-plugins, Wordpress 2 Wp Membership, Wordpress 2025-08-15 5.4 Medium
Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through 1.6.3.
CVE-2025-49321 2 Themewinter, Wordpress 2 Eventin, Wordpress 2025-08-14 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28.
CVE-2025-49064 1 Wordpress 1 Wordpress 2025-08-14 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User Language Switch: from n/a through 1.6.10.
CVE-2025-49063 1 Wordpress 1 Wordpress 2025-08-14 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through 1.4.6.
CVE-2025-49062 1 Wordpress 1 Wordpress 2025-08-14 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through 2.0.3.
CVE-2025-25174 1 Wordpress 1 Wordpress 2025-08-14 10 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 Extensions: from n/a through 1.9.4.
CVE-2025-49061 1 Wordpress 1 Wordpress 2025-08-14 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a through 0.9.1.
CVE-2025-28962 1 Wordpress 1 Wordpress 2025-08-14 6.5 Medium
Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Google Universal Analytics: from n/a through 1.0.3.
CVE-2025-28987 2 Pressforward, Wordpress 2 Pressforward, Wordpress 2025-08-14 6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1.