Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11698 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-32149	2 Blueglass, Wordpress	2 Jobs For Wordpress, Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.This issue affects Jobs for WordPress: from n/a through 2.7.5.
CVE-2023-49861	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in socialmediafeather Social Media Feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through 2.1.3.
CVE-2024-34804	1 Wordpress	1 Wordpress	2025-07-13	5.4 Medium
Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.
CVE-2023-48757	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2025-07-13	8.8 High
Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.
CVE-2023-47838	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conditional Fields for Contact Form 7: from n/a through 2.4.1.
CVE-2024-34568	2 Themeqx, Wordpress	2 Letterpress, Wordpress	2025-07-13	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1.
CVE-2024-25926	1 Wordpress	1 Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1.
CVE-2024-25922	1 Wordpress	1 Wordpress	2025-07-13	5.4 Medium
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.
CVE-2024-29801	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS.This issue affects Fullscreen Galleria: from n/a through 1.6.11.
CVE-2024-32527	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jotform Jotform Online Forms allows Stored XSS.This issue affects Jotform Online Forms: from n/a through 1.3.1.
CVE-2024-32804	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46.
CVE-2024-37948	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PootlePress Caxton – Create Pro page layouts in Gutenberg allows Stored XSS.This issue affects Caxton – Create Pro page layouts in Gutenberg: from n/a through 1.30.1.
CVE-2024-29096	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic.This issue affects MJM Clinic: from n/a through 1.1.22.
CVE-2023-32599	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects reCAPTCHA for all: from n/a through 1.22.
CVE-2024-22299	2 Foliovision, Wordpress	2 Fv Flowplayer Video Player, Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.
CVE-2024-30228	1 Wordpress	1 Wordpress	2025-07-13	9.9 Critical
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.
CVE-2024-33690	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio.This issue affects Financio: from n/a through 1.1.3.
CVE-2025-26892	1 Wordpress	1 Wordpress	2025-07-13	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.
CVE-2023-37984	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.
CVE-2024-35170	1 Wordpress	1 Wordpress	2025-07-13	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidden Depth Sticky banner allows Stored XSS.This issue affects Sticky banner: from n/a through 1.2.0.

« first previous Page 525 of 585. next last »