Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11921 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53583	1 Wordpress	1 Wordpress	2026-04-15	N/A
Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight employee-spotlight allows Object Injection.This issue affects Employee Spotlight: from n/a through <= 5.1.1.
CVE-2025-49929	2 Ultimateblocks, Wordpress	2 Ultimateblocks, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows Stored XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.6.
CVE-2025-49931	1 Wordpress	1 Wordpress	2026-04-15	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10.
CVE-2025-49932	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows Stored XSS.This issue affects JetBlog: from n/a through <= 2.4.4.1.
CVE-2025-49933	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetBlog jet-blog allows Reflected XSS.This issue affects JetBlog: from n/a through <= 2.4.4.
CVE-2025-31011	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.2.2.
CVE-2025-49938	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS.This issue affects JetEngine: from n/a through <= 3.7.3.
CVE-2025-49940	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows DOM-Based XSS.This issue affects Fusion Builder: from n/a through <= 3.13.2.
CVE-2025-49947	3 Extendons, Woocommerce, Wordpress	3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3.
CVE-2025-49948	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad Awais WP Super Edit wp-super-edit allows Reflected XSS.This issue affects WP Super Edit: from n/a through <= 2.5.4.
CVE-2025-49954	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mithra62 WP-Click-Tracker wp-click-track allows Reflected XSS.This issue affects WP-Click-Tracker: from n/a through <= 0.7.3.
CVE-2025-49961	1 Wordpress	1 Wordpress	2026-04-15	6.3 Medium
Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through <= 1.4.0.
CVE-2025-49963	2 Growniche, Wordpress	2 Simple Stripe Checkout, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through <= 1.1.28.
CVE-2025-23430	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager mass-custom-fields-manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through <= 1.5.
CVE-2025-23443	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Claire Ryan Author Showcase author-showcase allows Reflected XSS.This issue affects Author Showcase: from n/a through <= 1.4.3.
CVE-2025-23457	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shipdeoplugin Shipdeo shipdeo-woo allows Reflected XSS.This issue affects Shipdeo: from n/a through <= 1.2.8.
CVE-2025-23460	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhizomaticweb RWS Enquiry And Lead Follow-up rws-enquiry allows Reflected XSS.This issue affects RWS Enquiry And Lead Follow-up: from n/a through <= 1.0.
CVE-2025-50004	2 Artbees, Wordpress	2 Jupiter X Core, Wordpress	2026-04-15	8.5 High
Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1.
CVE-2025-50005	2 Tagdiv, Wordpress	2 Composer, Wordpress	2026-04-15	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.
CVE-2025-23471	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Add to Cart Button ect-add-to-cart-button allows Stored XSS.This issue affects ECT Add to Cart Button: from n/a through <= 1.4.

« first previous Page 234 of 597. next last »