Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11698 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-56017	1 Wordpress	1 Wordpress	2025-07-12	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS.This issue affects Stop Registration Spam: from n/a through 1.23.
CVE-2024-31931	2 Pdfcrowd, Wordpress	2 Save As Image, Wordpress	2025-07-12	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS.This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1 .
CVE-2023-41952	1 Wordpress	1 Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8.
CVE-2024-32094	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church Content – Sermons, Events and More.This issue affects Church Content – Sermons, Events and More: from n/a through 2.6.
CVE-2023-49758	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in Veribo, Roland Murg WP Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: from n/a through 2.0.19.2.
CVE-2024-35683	2 Teplitsa Of Social Technologies, Wordpress	2 Leyka, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1.
CVE-2024-34564	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Inc. Counter Up allows Stored XSS.This issue affects Counter Up: from n/a through 2.2.1.
CVE-2023-48318	2 Codepeople, Wordpress	2 Contact Form Email, Wordpress	2025-07-12	5.3 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41.
CVE-2023-52176	2 Miniorange, Wordpress	2 Malware Scanner, Wordpress	2025-07-12	5.3 Medium
Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1.
CVE-2024-31096	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4.
CVE-2025-39536	1 Wordpress	1 Wordpress	2025-07-12	8.2 High
Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6.
CVE-2023-45000	2 Litespeed Technologies, Wordpress	2 Litespeed Cache, Wordpress	2025-07-12	8.2 High
Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7.
CVE-2024-38697	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Rahimi Goftino allows Stored XSS.This issue affects Goftino: from n/a through 1.6.
CVE-2024-34752	2 Pluginops, Wordpress	2 Landing Page Builder, Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.
CVE-2024-27958	2 Themeisle, Wordpress	2 Visualizer, Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS.This issue affects Visualizer: from n/a through 3.10.5.
CVE-2024-32532	2 Siteground, Wordpress	2 Speed Optimizer, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in SiteGround Speed Optimizer.This issue affects Speed Optimizer: from n/a through 7.4.6.
CVE-2025-46453	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreatorTeam Zoho Creator Forms allows Stored XSS. This issue affects Zoho Creator Forms: from n/a through 1.0.5.
CVE-2022-45811	1 Wordpress	1 Wordpress	2025-07-12	5.4 Medium
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
CVE-2024-31085	1 Wordpress	1 Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob Marsh, SJ Post-Plugin Library allows Reflected XSS.This issue affects Post-Plugin Library: from n/a through 2.6.2.1.
CVE-2024-32814	2 Wordpress, Zorem	2 Wordpress, Advanced Local Pickup For Woocommerce	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1.

« first previous Page 539 of 585. next last »