Filtered by vendor Wordpress
Subscriptions
Total
643 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5561 | 1 Wordpress | 1 Wordpress | 2025-02-13 | 5.3 Medium |
| WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack | ||||
| CVE-2023-39999 | 2 Fedoraproject, Wordpress | 2 Fedora, Wordpress | 2025-02-13 | 4.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | ||||
| CVE-2023-2745 | 1 Wordpress | 1 Wordpress | 2025-02-13 | 5.4 Medium |
| WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack. | ||||
| CVE-2005-1688 | 1 Wordpress | 1 Wordpress | 2025-01-16 | 5.3 Medium |
| Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. | ||||
| CVE-2022-47161 | 1 Wordpress | 1 Health Check \& Troubleshooting | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions. | ||||
| CVE-2022-47174 | 1 Wordpress | 1 Performance Lab | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. | ||||
| CVE-2023-25454 | 1 Wordpress | 1 Nate Reist Protected Posts Logout Button | 2024-12-09 | 6.5 Medium |
| Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5. | ||||
| CVE-2024-11178 | 1 Wordpress | 1 Login With Otp Plugin | 2024-12-09 | 8.1 High |
| The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
| CVE-2024-11292 | 1 Wordpress | 1 Wp Private Content Plus Plugin | 2024-12-06 | 5.3 Medium |
| The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-35746 | 2 Buddypress Cover Project, Wordpress | 2 Buddypress Cover, Buddypress Cover | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2. | ||||
| CVE-2024-33688 | 1 Wordpress | 1 Teluro Theme | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. | ||||
| CVE-2024-33682 | 1 Wordpress | 1 Gdpr Compliance | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. | ||||
| CVE-2024-33585 | 1 Wordpress | 1 Payment Gateway Based Fees And Discounts For Woocommerce | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1. | ||||
| CVE-2024-33576 | 1 Wordpress | 1 Wppizza | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10. | ||||
| CVE-2024-33566 | 1 Wordpress | 1 Orderconvo | 2024-11-21 | 10 Critical |
| Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. | ||||
| CVE-2024-32835 | 1 Wordpress | 1 Import Export Wordpress Users | 2024-11-21 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. | ||||
| CVE-2024-32822 | 1 Wordpress | 1 Reviews Plus | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4. | ||||
| CVE-2024-32801 | 1 Wordpress | 1 Widget Post Slider | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.This issue affects Widget Post Slider: from n/a through 1.3.5. | ||||
| CVE-2024-32789 | 1 Wordpress | 1 Seers Plugin | 2024-11-21 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0. | ||||
| CVE-2024-32781 | 1 Wordpress | 1 Email Customizer For Woocommerce | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0. | ||||