Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 6029 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58608	1 Wordpress	1 Wordpress	2025-09-04	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.
CVE-2025-58601	2 Radiustheme, Wordpress	2 Classified Listing, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6.
CVE-2025-58617	1 Wordpress	1 Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects F4 Media Taxonomies: from n/a through 1.1.4.
CVE-2025-58612	2 Propertyhive, Wordpress	2 Propertyhive, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.5.
CVE-2025-58634	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4.
CVE-2025-58623	1 Wordpress	1 Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite: from n/a through 1.3.2.
CVE-2025-58621	2 Amuse Labs, Wordpress	2 Puzzleme Plugin, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amuse Labs PuzzleMe for WordPress allows Stored XSS. This issue affects PuzzleMe for WordPress: from n/a through 1.2.0.
CVE-2025-58597	1 Wordpress	1 Wordpress	2025-09-04	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6.
CVE-2025-58594	2 Brizy, Wordpress	2 Brizy, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.
CVE-2025-58631	2 Wordpress, Zeen101	2 Wordpress, Issuem Plugin	2025-09-04	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 IssueM allows DOM-Based XSS. This issue affects IssueM: from n/a through 2.9.0.
CVE-2025-58593	2 Themeisle, Wordpress	2 Orbit Fox, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.
CVE-2025-58615	1 Wordpress	1 Wordpress	2025-09-04	4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through 1.10.0.
CVE-2025-58632	2 Dadevarzan, Wordpress	2 Wordpress Common Plugin, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through 2.2.2.
CVE-2025-9616	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset cookie time settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-58616	1 Wordpress	1 Wordpress	2025-09-04	6.5 Medium
Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1.
CVE-2025-58613	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through 1.4.10.
CVE-2025-58622	2 Wordpress, Yydevelopment	2 Wordpress, Mobile Contact Line Plugin	2025-09-04	4.3 Medium
Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0.
CVE-2025-58637	1 Wordpress	1 Wordpress	2025-09-04	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion. This issue affects immonex Kickstart: from n/a through 1.11.6.
CVE-2025-58596	2 Mailoptin, Wordpress	2 Mailoptin, Wordpress	2025-09-04	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.
CVE-2025-58607	2 Gdprinfo, Wordpress	2 Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance allows Stored XSS. This issue affects Cookie Notice & Consent Banner for GDPR & CCPA Compliance: from n/a through 1.7.11.

« first previous Page 38 of 302. next last »