Search Results (13985 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-48273 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through 1.2.2.
CVE-2023-47683 2 Miniorange, Wordpress 2 Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress 2026-04-15 8 High
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6.
CVE-2023-40679 2 Jeweltheme, Wordpress 2 Master Addons For Elementor, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
CVE-2023-4017 1 Wordpress 1 Wordpress 2026-04-15 6.1 Medium
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2023-37866 2 Crocoblock, Wordpress 2 Jetformbuilder, Wordpress 2026-04-15 7.2 High
Improper Privilege Management vulnerability in Crocoblock JetFormBuilder allows Privilege Escalation.This issue affects JetFormBuilder: from n/a through 3.0.8.
CVE-2023-32120 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1.
CVE-2022-45811 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
CVE-2020-36854 1 Wordpress 1 Wordpress 2026-04-15 6.4 Medium
The Async JavaScript plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.19.07.14. This is due to missing authorization checks on the aj_steps AJAX aciton along with a lack on sanitization on the settings saved via the function. This makes it possible for authenticated attackers with subscriber level permissions and above to inject malicious web scripts into a page that execute whenever a user accesses that page.
CVE-2020-36853 2 10web, Wordpress 2 Map Builder For Google Maps, Wordpress 2026-04-15 7.2 High
The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Plugin Settings Change in versions up to, and including, 1.0.63 due to insufficient input sanitization and output escaping and a lack of capability checks. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2020-36852 2 Custom Searchable Data Entry System Project, Wordpress 2 Custom Searchable Data Entry System, Wordpress 2026-04-15 9.1 Critical
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazale_sds_delete_entries_table_row() function. This makes it possible for unauthenticated attackers to completely wipe database tables such as wp_users.
CVE-2019-25315 2 Anttiviljami, Wordpress 2 Wp Server Log Viewer, Wordpress 2026-04-15 6.4 Medium
WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface.
CVE-2019-25314 3 Copy-delete-posts, Duplicate-post, Wordpress 3 Duplicate Post, Post, Wordpress 2026-04-15 5.5 Medium
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.
CVE-2025-48082 2 Progress Planner, Wordpress 2 Progress Planner, Wordpress 2026-04-15 8.8 High
Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0.
CVE-2025-48095 2 Ays-pro, Wordpress 2 Survey Maker, Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8.
CVE-2025-48097 1 Wordpress 1 Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS.This issue affects WSAnalytics: from n/a through <= 1.1.2.
CVE-2025-48098 2 Ays-pro, Wordpress 2 Survey Maker, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8.
CVE-2025-48099 2 Codeamp, Wordpress 2 Search & Filter, Wordpress 2026-04-15 4.7 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Code Amp Search & Filter search-filter allows Cross Site Request Forgery.This issue affects Search & Filter: from n/a through <= 1.2.17.
CVE-2025-48108 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0.
CVE-2025-48111 2 Wordpress, Yithemes 2 Wordpress, Yith Paypal Express Checkout For Woocommerce 2026-04-15 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.
CVE-2025-49060 1 Wordpress 1 Wordpress 2026-04-15 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server.This issue affects Wastia: from n/a through < 1.1.3.