Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11882 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-31626	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem Support Helpdesk Ticket System Lite ticket-help-desk-system-lite allows Reflected XSS.This issue affects Support Helpdesk Ticket System Lite: from n/a through <= 4.5.2.
CVE-2025-31625	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence useinfluence allows Stored XSS.This issue affects Useinfluence: from n/a through <= 1.0.8.
CVE-2025-31623	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor richtexteditor allows Stored XSS.This issue affects Rich Text Editor: from n/a through <= 1.0.1.
CVE-2025-31622	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Utkarsh Kukreti Advanced Typekit advanced-typekit allows Stored XSS.This issue affects Advanced Typekit: from n/a through <= 1.0.1.
CVE-2025-31621	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpaulsson byBrick Accordion bybrick-accordion allows Stored XSS.This issue affects byBrick Accordion: from n/a through <= 1.0.
CVE-2025-31620	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carperfer CoverManager covermanager allows Stored XSS.This issue affects CoverManager: from n/a through <= 0.0.1.
CVE-2025-31619	2 Marcoingraiti, Wordpress	2 Actionwear Products Sync, Wordpress	2026-04-23	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection.This issue affects Actionwear products sync: from n/a through <= 2.3.3.
CVE-2025-31614	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hiroprot Terms Before Download terms-before-download allows Stored XSS.This issue affects Terms Before Download: from n/a through <= 1.0.5.
CVE-2025-31613	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Aboobacker. AB Google Map Travel ab-google-map-travel allows Cross Site Request Forgery.This issue affects AB Google Map Travel : from n/a through <= 4.6.
CVE-2025-31612	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll cbxpoll allows Object Injection.This issue affects CBX Poll: from n/a through <= 2.0.4.
CVE-2025-31611	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload auto-post-after-image-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Post After Image Upload: from n/a through <= 1.6.
CVE-2025-31608	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reDim GmbH CookieHint WP cookiehint-wp allows Stored XSS.This issue affects CookieHint WP: from n/a through <= 1.0.0.
CVE-2025-31607	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flomei Simple-Audioplayer simple-audioplayer allows Stored XSS.This issue affects Simple-Audioplayer: from n/a through <= 1.1.
CVE-2025-31605	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WeblineIndia Welcome Popup welcome-popup allows Stored XSS.This issue affects Welcome Popup: from n/a through <= 1.0.10.
CVE-2025-31602	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Proptech Plugin Apimo Connector apimo allows Cross Site Request Forgery.This issue affects Apimo Connector: from n/a through <= 2.6.5.2.
CVE-2025-31600	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in designnbuy DesignO designo allows Cross Site Request Forgery.This issue affects DesignO: from n/a through <= 2.6.0.
CVE-2025-31596	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Chatwee Chat by Chatwee chatwee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat by Chatwee: from n/a through <= 2.1.3.
CVE-2025-31593	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OpenMenu OpenMenu open-menu allows Stored XSS.This issue affects OpenMenu: from n/a through <= 3.5.
CVE-2025-31591	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in promoz73 Exit Popup Free exit-popup-free allows Stored XSS.This issue affects Exit Popup Free: from n/a through <= 1.0.
CVE-2025-31590	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Denra.com WP Date and Time Shortcode wp-date-and-time-shortcode allows Stored XSS.This issue affects WP Date and Time Shortcode: from n/a through <= 2.6.7.

« first previous Page 142 of 595. next last »