Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7122 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-49929	2 Ultimateblocks, Wordpress	2 Ultimateblocks, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows Stored XSS.This issue affects Ultimate Blocks: from n/a through <= 3.3.6.
CVE-2025-49928	2 Crocoblock, Wordpress	2 Jetformbuilder, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows DOM-Based XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.
CVE-2025-49927	2 Crocoblock, Wordpress	2 Jetformbuilder, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows Stored XSS.This issue affects JetWooBuilder: from n/a through <= 2.1.20.1.
CVE-2025-49926	2 Laborator, Wordpress	2 Kalium, Wordpress	2025-11-13	7.3 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25.
CVE-2025-49925	1 Wordpress	1 Wordpress	2025-11-13	7.3 High
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
CVE-2025-49924	1 Wordpress	1 Wordpress	2025-11-13	7.3 High
Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.4.2.
CVE-2025-49923	2 Craighewitt, Wordpress	2 Seriously Simple Podcasting, Wordpress	2025-11-13	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.11.1.
CVE-2025-49922	2 Etruel, Wordpress	2 Wpematico Rss Feed Fetcher, Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.
CVE-2025-49921	1 Wordpress	1 Wordpress	2025-11-13	7.3 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CrocoBlock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through <= 3.0.0.
CVE-2025-60198	2 Dedalx, Wordpress	2 Saxon, Wordpress	2025-11-13	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing WordPress Theme: from n/a through <= 1.9.3.
CVE-2025-6327	2 Kingaddons, Wordpress	2 King Addons For Elementor, Wordpress	2025-11-13	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.
CVE-2025-6325	2 Kingaddons, Wordpress	2 King Addons For Elementor, Wordpress	2025-11-13	9.8 Critical
Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.
CVE-2025-64368	1 Wordpress	1 Wordpress	2025-11-13	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6.
CVE-2025-64367	2 Groundhogg, Wordpress	2 Groundhogg, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through <= 4.2.6.
CVE-2025-64366	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-11-13	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.6.27.
CVE-2025-64365	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through <= 3.6.0.
CVE-2025-64364	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-11-13	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through < 4.8.126.
CVE-2025-64363	1 Wordpress	1 Wordpress	2025-11-13	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through < 5.5.0.
CVE-2025-64362	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through < 5.5.0.
CVE-2025-64361	2 Stylemixthemes, Wordpress	2 Consulting Elementor Widgets, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS.This issue affects Consulting Elementor Widgets: from n/a through <= 1.4.2.

« first previous Page 6 of 357. next last »