Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7124 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62021	1 Wordpress	1 Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in Made Neat Acknowledgify acknowledgify.This issue affects Acknowledgify: from n/a through <= 1.1.3.
CVE-2025-62020	2 Infomaniak, Wordpress	2 Vod Infomaniak, Wordpress	2025-11-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through <= 1.5.11.
CVE-2025-62019	2 Wordpress, Wpzoom	2 Wordpress, Recipe Card Blocks For Gutenberg & Elementor	2025-11-13	6.5 Medium
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.
CVE-2025-62018	2 Hogash, Wordpress	2 Kallyas, Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0.
CVE-2025-62017	2 Hogash, Wordpress	2 Kallyas, Wordpress	2025-11-13	5.4 Medium
Missing Authorization vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0.
CVE-2025-62016	2 Hogash, Wordpress	2 Kallyas, Wordpress	2025-11-13	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.22.0.
CVE-2025-62015	3 Josh Kohlbach, Woocommerce, Wordpress	4 Advanced Coupons For Woocommerce Coupons, Woocommerce, Woocommerce Smart Coupons and 1 more	2025-11-13	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8.
CVE-2025-62014	1 Wordpress	1 Wordpress	2025-11-13	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok.This issue affects ITok: from n/a through <= 1.1.42.
CVE-2025-62013	1 Wordpress	1 Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in POSIMYTH UiChemy uichemy.This issue affects UiChemy: from n/a through <= 4.0.0.
CVE-2025-62012	3 Codexthemes, Elementor, Wordpress	3 Thegem, Elementor, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor) thegem-elementor.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.
CVE-2025-62011	2 Codexthemes, Wordpress	2 Thegem, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem thegem.This issue affects TheGem: from n/a through <= 5.10.5.
CVE-2025-62010	1 Wordpress	1 Wordpress	2025-11-13	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Famita famita allows PHP Local File Inclusion.This issue affects Famita: from n/a through <= 1.54.
CVE-2025-62009	1 Wordpress	1 Wordpress	2025-11-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.
CVE-2025-62008	3 Acowebs, Woocommerce, Wordpress	3 Product Labels For Woocommerce, Woocommerce, Wordpress	2025-11-13	8.8 High
Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4.
CVE-2025-62007	1 Wordpress	1 Wordpress	2025-11-13	8.8 High
Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through <= 1.0.3.
CVE-2025-62006	2 Veronalabs, Wordpress	2 Wp Sms, Wordpress	2025-11-13	5.4 Medium
Missing Authorization vulnerability in VeronaLabs WP SMS wp-sms.This issue affects WP SMS: from n/a through <= 7.0.1.
CVE-2025-62005	3 Fantasticplugins, Woocommerce, Wordpress	3 Sumomemberships, Woocommerce, Wordpress	2025-11-13	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.
CVE-2025-60248	2 Wordpress, Wpclever	2 Wordpress, Wpc Product Bundles For Woocommerce	2025-11-13	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through <= 1.8.6.
CVE-2025-60247	3 Bux, Woocommerce, Wordpress	3 Bux Woocommerce, Woocommerce, Wordpress	2025-11-13	6.5 Medium
Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3.
CVE-2025-60246	1 Wordpress	1 Wordpress	2025-11-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through <= 1.0.

« first previous Page 18 of 357. next last »