Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11762 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-47579	2 Themegoods, Wordpress	2 Photography, Wordpress	2026-04-01	8.1 High
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2.
CVE-2025-47479	2 Wordpress, Wpcompress	2 Wordpress, Wp Compress	2026-04-01	9.8 Critical
Weak Authentication vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Authentication Abuse.This issue affects WP Compress: from n/a through <= 6.30.30.
CVE-2025-3702	2 Melapress, Wordpress	2 Melapress File Monitor, Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0.
CVE-2025-39490	2 Qodeinteractive, Wordpress	2 Backpack Traveler, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2.
CVE-2025-39354	2 Themegoods, Wordpress	2 Grand Conference, Wordpress	2026-04-01	N/A
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference grandconference allows Object Injection.This issue affects Grand Conference: from n/a through <= 5.3.
CVE-2025-32660	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	9.8 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-32626	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-32519	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2026-04-01	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion.This issue affects IDonate: from n/a through <= 2.1.18.
CVE-2025-32151	2 Themekraft, Wordpress	2 Buddyforms, Wordpress	2026-04-01	8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion.This issue affects BuddyForms: from n/a through <= 2.9.0.
CVE-2025-32149	2 Mtrv, Wordpress	2 Teachpress, Wordpress	2026-04-01	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11.
CVE-2025-32146	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-31910	2 Reputeinfosystems, Wordpress	2 Bookingpress, Wordpress	2026-04-01	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a through <= 1.1.28.
CVE-2025-31867	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	N/A
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-30974	2 Addonmaster, Wordpress	2 Post Grid Master, Wordpress	2026-04-01	8.8 High
Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid Master: from n/a through <= 3.4.17.
CVE-2025-30901	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30899	2 Wordpress, Wpeverest	3 Wordpress, User Registration, User Registration \& Membership	2026-04-01	4.8 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3.
CVE-2025-30882	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-04-01	N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.1.
CVE-2025-30881	2 Themehunk, Wordpress	2 Big Store, Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through <= 2.0.8.
CVE-2025-30880	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30610	2 Catchsquare, Wordpress	2 Wp Social Widget, Wordpress	2026-04-01	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.2.7.

« first previous Page 509 of 589. next last »