Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11698 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-23790	1 Wordpress	1 Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement allows Reflected XSS. This issue affects Easy Code Placement: from n/a through 18.11.
CVE-2023-28990	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through 1.0.9.
CVE-2023-25790	2 Wordpress, Xtemos	2 Wordpress, Woodmart	2025-07-13	5.3 Medium
Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4.
CVE-2025-3853	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create valid API keys on behalf of other users.
CVE-2024-32950	1 Wordpress	1 Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Management: from n/a through 2.2.
CVE-2024-39666	2 Automattic, Wordpress	2 Woocommerce, Wordpress	2025-07-13	5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2.
CVE-2023-47778	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through 1.2.1.
CVE-2025-26969	1 Wordpress	1 Wordpress	2025-07-13	8.3 High
Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.
CVE-2023-51425	1 Wordpress	1 Wordpress	2025-07-13	9.8 Critical
Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.
CVE-2024-35631	2 Foliovision, Wordpress	2 Fv Flowplayer Video Player, Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212.
CVE-2025-31630	1 Wordpress	1 Wordpress	2025-07-13	5.3 Medium
Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
CVE-2023-25469	2 Magazine3, Wordpress	2 Easy Table Of Contents, Wordpress	2025-07-13	5.4 Medium
Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Table of Contents: from n/a through 2.0.45.2.
CVE-2023-48335	1 Wordpress	1 Wordpress	2025-07-13	3.7 Low
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9.
CVE-2024-32561	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tagembed allows Stored XSS.This issue affects Tagembed: from n/a through 4.7.
CVE-2024-33935	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB MailCrypt allows Stored XSS.This issue affects PB MailCrypt: from n/a through 3.1.0.
CVE-2025-22365	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3.
CVE-2024-24705	1 Wordpress	1 Wordpress	2025-07-13	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6.
CVE-2022-47604	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13.
CVE-2022-45850	1 Wordpress	1 Wordpress	2025-07-13	6.1 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9.
CVE-2024-32525	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through 7.1.6.

« first previous Page 528 of 585. next last »