Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 6026 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-60177	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a through 0.2.6.
CVE-2025-60163	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin W bbp topic count allows DOM-Based XSS. This issue affects bbp topic count: from n/a through 3.1.
CVE-2025-60126	2 Pluginops, Wordpress	2 Testimonial Slider, Wordpress	2025-09-29	8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through 3.5.8.6.
CVE-2025-60120	2 Wordpress, Wpdirectorykit	2 Wordpress, Wp Directory Kit	2025-09-29	5.3 Medium
Missing Authorization vulnerability in wpdirectorykit WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.3.8.
CVE-2025-60139	2 Joovii, Wordpress	2 Sendle Shipping, Wordpress	2025-09-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping allows Cross Site Request Forgery. This issue affects Sendle Shipping: from n/a through 6.02.
CVE-2025-60137	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video allows Cross Site Request Forgery. This issue affects Post Featured Video: from n/a through 1.7.
CVE-2025-60127	2 Artistscope, Wordpress	2 Copysafe Web Protection, Wordpress	2025-09-29	5.4 Medium
Missing Authorization vulnerability in ArtistScope CopySafe Web Protection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CopySafe Web Protection: from n/a through 4.3.
CVE-2025-60165	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7.
CVE-2025-60171	3 Woocommerce, Wordpress, Yourplugins	3 Woocommerce, Wordpress, Conditional Cart Messages For Woocommerce	2025-09-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.10.
CVE-2025-60113	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu allows Cross Site Request Forgery. This issue affects Groovy Menu: from n/a through 1.4.3.
CVE-2025-60167	3 Elementor, Honzat, Wordpress	3 Elementor, Page Manager For Elementor, Wordpress	2025-09-29	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5.
CVE-2025-60146	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amit Verma Map Categories to Pages allows Stored XSS. This issue affects Map Categories to Pages: from n/a through 1.3.2.
CVE-2025-60158	3 Webmaniabr, Woocommerce, Wordpress	3 Nota Fiscal Eletronica, Woocommerce, Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Stored XSS. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
CVE-2025-60149	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Ott Notely allows Stored XSS. This issue affects Notely: from n/a through 1.8.0.
CVE-2025-60161	1 Wordpress	1 Wordpress	2025-09-29	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlocks allows Server Side Request Forgery. This issue affects ZoloBlocks: from n/a through 2.3.9.
CVE-2025-60159	3 Webmaniabr, Woocommerce, Wordpress	3 Nota Fiscal Eletronica, Woocommerce, Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
CVE-2025-60129	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in Yext Yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through 1.1.3.
CVE-2025-60114	1 Wordpress	1 Wordpress	2025-09-29	6.6 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability in YayCommerce YayCurrency allows Code Injection. This issue affects YayCurrency: from n/a through 3.2.
CVE-2025-60128	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3.
CVE-2025-60142	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5.

« first previous Page 8 of 302. next last »