Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11910 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-31093	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov Broken Images allows Cross-Site Scripting (XSS).This issue affects Broken Images: from n/a through 0.2.
CVE-2024-31102	1 Wordpress	1 Wordpress	2026-04-15	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scimone Ignazio Prenotazioni allows Stored XSS.This issue affects Prenotazioni: from n/a through 1.7.4.
CVE-2025-26550	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Kunal Shivale Global Meta Keyword & Description global-meta-keyword-and-description allows Stored XSS.This issue affects Global Meta Keyword & Description: from n/a through <= 2.3.
CVE-2024-31114	1 Wordpress	1 Wordpress	2026-04-15	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.
CVE-2024-31118	2 Smartypantsplugins, Wordpress	2 Sp Project & Document Manager, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70.
CVE-2024-31121	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Contributor Cross Site Scripting (XSS) in HeartThis <= 0.1.0 versions.
CVE-2024-31123	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebDorado SpiderFAQ allows Reflected XSS.This issue affects SpiderFAQ: from n/a through 1.3.2.
CVE-2025-13525	2 Listingthemes, Wordpress	2 Wpdirectory Kit, Wordpress	2026-04-15	6.1 Medium
The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order_by' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-51930	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IronFeet Custom URL Shortener custom-url-shorter allows Stored XSS.This issue affects Custom URL Shortener: from n/a through <= 0.3.6.
CVE-2024-51936	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eSparkBiz ESB Testimonials esb-testimonials allows Stored XSS.This issue affects ESB Testimonials: from n/a through <= 1.0.0.
CVE-2024-31239	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3.
CVE-2025-5720	2 Cusrev, Wordpress	2 Customer Reviews For Woocommerce, Wordpress	2026-04-15	6.4 Medium
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author’ parameter in all versions up to, and including, 5.80.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-53996	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch jet-search allows Stored XSS.This issue affects JetSearch: from n/a through <= 3.5.10.1.
CVE-2025-5803	2 Vikwp, Wordpress	2 Vikbooking Hotel Booking Engine & Pms, Wordpress	2026-04-15	8.8 High
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.
CVE-2025-58207	2 Wordpress, Wpmessiah	2 Wordpress, Ai Image Alt Text Generator For Wp	2026-04-15	8.2 High
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.5.
CVE-2025-58627	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous Core Plugin: from n/a through < 2.0.9.
CVE-2025-58638	2 E-plugins, Wordpress	2 Institutions Directory, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS.This issue affects Institutions Directory: from n/a through <= 1.3.3.
CVE-2025-58972	2 Barcode Scanner, Wordpress	2 Barcode Scanner With Inventory & Order Manager, Wordpress	2026-04-15	7.2 High
Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4.
CVE-2025-58986	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now (JOAN): from n/a through <= 6.0.4.
CVE-2025-58994	2 Designervily, Wordpress	2 Greenify, Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Greenify greenify allows PHP Local File Inclusion.This issue affects Greenify: from n/a through <= 2.2.

« first previous Page 348 of 596. next last »