Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7122 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64360	2 Stylemixthemes, Wordpress	2 Consulting Elementor Widgets, Wordpress	2025-11-13	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through <= 1.4.2.
CVE-2025-64359	2 Stylemixthemes, Wordpress	2 Consulting, Wordpress	2025-11-13	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion.This issue affects Consulting: from n/a through < 6.7.5.
CVE-2025-64358	3 Webtoffee, Woocommerce, Wordpress	3 Smart Coupons For Woocommerce, Woocommerce, Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through <= 2.2.3.
CVE-2025-64357	1 Wordpress	1 Wordpress	2025-11-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner advanced-database-cleaner allows Cross Site Request Forgery.This issue affects Advanced Database Cleaner: from n/a through <= 3.1.6.
CVE-2025-64356	2 F1logic, Wordpress	2 Insert Php Code Snippet, Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Insert PHP Code Snippet: from n/a through <= 1.4.3.
CVE-2025-64354	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS.This issue affects Gutenberg: from n/a through <= 21.8.2.
CVE-2025-64353	1 Wordpress	1 Wordpress	2025-11-13	8.8 High
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3.
CVE-2025-64352	2 Wordpress, Wpdeveloper	2 Wordpress, Essential Addons For Elementor	2025-11-13	2.7 Low
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.
CVE-2025-64351	2 Rank Math Seo, Wordpress	2 Rank Math Seo, Wordpress	2025-11-13	4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Retrieve Embedded Sensitive Data.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
CVE-2025-64350	2 Rank Math Seo, Wordpress	2 Rank Math Seo, Wordpress	2025-11-13	3.8 Low
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a through <= 1.0.252.1.
CVE-2025-64294	1 Wordpress	1 Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Snow Effect: from n/a through 1.1.15.
CVE-2025-64291	2 Premmerce, Wordpress	2 User Roles, Wordpress	2025-11-13	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
CVE-2025-64290	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more	2025-11-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
CVE-2025-64289	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more	2025-11-13	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
CVE-2025-64288	2 Premmerce, Wordpress	2 Premmerce, Wordpress	2025-11-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery.This issue affects Premmerce: from n/a through <= 1.3.19.
CVE-2025-64287	2 Edge-themes, Wordpress	2 Alloggio Hotel Booking, Wordpress	2025-11-13	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Alloggio - Hotel Booking alloggio allows PHP Local File Inclusion.This issue affects Alloggio - Hotel Booking: from n/a through <= 1.8.
CVE-2025-64286	2 Wordpress, Wpestate	2 Wordpress, Wp Rentals	2025-11-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery.This issue affects WP Rentals: from n/a through <= 3.13.1.
CVE-2025-64285	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Wholesale Pricing For Woocommerce, Woocommerce and 1 more	2025-11-13	5.4 Medium
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
CVE-2025-64284	2 Majesticsupport, Wordpress	2 Majestic Support, Wordpress	2025-11-13	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through <= 1.1.1.
CVE-2025-64283	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.

« first previous Page 7 of 357. next last »