Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 5039 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54679	2 Vertim, Wordpress	2 Neon Channel Product Customizer Free, Wordpress	2025-08-16	7.5 High
Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0.
CVE-2025-24766	2 Wordpress, Wp-royal-themes	2 Wordpress, News Magazine X	2025-08-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine X allows PHP Local File Inclusion. This issue affects News Magazine X: from n/a through 1.2.37.
CVE-2025-54704	3 Elementor, Hashthemes, Wordpress	3 Elementor, Easy Elementor Addons, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.6.
CVE-2025-30635	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2025-08-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion. This issue affects IDonatePro: from n/a through 2.1.9.
CVE-2025-30639	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2025-08-16	7.5 High
Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through 2.1.9.
CVE-2025-54691	2 Stylemix, Wordpress	2 Motors, Wordpress	2025-08-16	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80.
CVE-2025-54699	2 Masteriyo, Wordpress	2 Masteriyo, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3.
CVE-2025-52775	2 Ronik Unlimitedwp, Wordpress	2 Project Cost Calculator, Wordpress	2025-08-16	7.1 High
Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through 1.0.0.
CVE-2025-49038	2 Soflyy, Wordpress	2 Wp Dynamic Links, Wordpress	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a through 1.0.1.
CVE-2025-49267	2 Dynamiapps, Wordpress	2 Frontend Admin, Wordpress	2025-08-16	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.3.
CVE-2025-47610	3 Wetail, Woocommerce, Wordpress	3 Woocommerce Fortnox Integration, Woocommerce, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.6.
CVE-2025-28999	3 Woocommerce, Wordpress, Zoomit	3 Woocommerce, Wordpress, Woocommerce Shop Page Builder	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
CVE-2025-54697	2 Kadencewp, Wordpress	2 Kadence Woocommerce Email Designer, Wordpress	2025-08-16	7.2 High
Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.16.
CVE-2025-54696	2 Getwpfunnels, Wordpress	2 Wpfunnels, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26.
CVE-2025-54684	2 Crmperks, Wordpress	2 Integration For Contact Form 7 And Constant Contact, Wordpress	2025-08-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored XSS. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.7.
CVE-2025-30998	2 Rico Macchi, Wordpress	2 Wp Links Page, Wordpress	2025-08-16	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links Page: from n/a through 4.9.6.
CVE-2025-54702	2 Motovnet, Wordpress	2 Ebook Store, Wordpress	2025-08-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through 5.8013.
CVE-2025-54674	3 Product Configurator For Woocommerce Project, Woocommerce, Wordpress	3 Product Configurator For Woocommerce, Woocommerce, Wordpress	2025-08-16	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4.
CVE-2025-54675	2 Wordpress, Yithemes	2 Wordpress, Yith Woocommerce Compare	2025-08-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1.48.0.
CVE-2025-30993	3 Villatheme, Woocommerce, Wordpress	4 Thank You Page Customizer For Woocommerce, Woocommerce Thank You Page Customizer, Woocommerce and 1 more	2025-08-16	6.5 Medium
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer for WooCommerce – Increase Your Sales: from n/a through 1.1.7.

Page 1 of 252. next last »