Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11882 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-26916	2 Epc, Wordpress	2 Massive Dynamic Plugin, Wordpress	2026-04-15	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive Dynamic massive-dynamic.This issue affects Massive Dynamic: from n/a through <= 8.2.
CVE-2025-64381	2 Wordpress, Wpdevelop	2 Wordpress, Booking Calendar	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7.
CVE-2025-64382	2 Webtoffee, Wordpress	2 Order Export & Order Import For Woocommerce, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7.
CVE-2025-64383	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3.
CVE-2025-64384	1 Wordpress	1 Wordpress	2026-04-15	6.3 Medium
Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.
CVE-2025-26943	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Blind SQL Injection.This issue affects Easy Quotes: from n/a through <= 1.2.2.
CVE-2025-53221	2 Codeablepress, Wordpress	2 Codeablepress, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CodeablePress: from n/a through <= 1.0.2.
CVE-2025-53241	2 Kodeshpa, Wordpress	2 Simplified Plugin, Wordpress	2026-04-15	N/A
Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery.This issue affects Simplified: from n/a through <= 1.0.11.
CVE-2025-53249	2 Hakeemnala, Wordpress	2 Build App Online, Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through <= 1.0.23.
CVE-2025-53330	2 Wordpress, Wpestate	2 Wordpress, Wp Rentals	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals wprentals allows Stored XSS.This issue affects WP Rentals: from n/a through <= 3.16.1.
CVE-2025-53341	2 Themovation, Wordpress	2 Stratus, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Themovation App, SaaS & Software Startup Tech Theme - Stratus stratusx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App, SaaS & Software Startup Tech Theme - Stratus: from n/a through <= 4.2.5.
CVE-2025-53342	2 Goodlayers, Wordpress	2 Modernize, Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize modernize allows Stored XSS.This issue affects Modernize: from n/a through <= 3.4.0.
CVE-2025-26992	2 Fatcatapps, Wordpress	2 Landing Page Cat, Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page Cat: from n/a through <= 1.7.8.
CVE-2025-53429	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Exit Game exit-game allows PHP Local File Inclusion.This issue affects Exit Game: from n/a through <= 1.4.3.
CVE-2025-53430	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Etta etta allows PHP Local File Inclusion.This issue affects Etta: from n/a through <= 1.14.0.
CVE-2025-53431	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Emberlyn emberlyn allows PHP Local File Inclusion.This issue affects Emberlyn: from n/a through <= 1.3.1.
CVE-2025-53432	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Echo echo allows PHP Local File Inclusion.This issue affects Echo: from n/a through <= 1.15.0.
CVE-2025-27002	1 Wordpress	1 Wordpress	2026-04-15	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.
CVE-2025-53434	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ChildHope childhope allows PHP Local File Inclusion.This issue affects ChildHope: from n/a through <= 1.1.8.
CVE-2024-32581	2 Lenderd, Wordpress	2 Mortgage Calculators Wp, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lenderd Mortgage Calculators WP allows Stored XSS.This issue affects Mortgage Calculators WP: from n/a through 1.56.

« first previous Page 460 of 595. next last »