Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11490 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-32613	2 Bowo, Wordpress	2 Debug Log Manager, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager debug-log-manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through <= 2.3.4.
CVE-2025-32610	2 Foliovision, Wordpress	2 Foliopress Wysiwyg, Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision Foliopress WYSIWYG foliopress-wysiwyg allows Cross Site Request Forgery.This issue affects Foliopress WYSIWYG: from n/a through <= 2.6.18.
CVE-2025-32606	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium listings-for-buildium allows Stored XSS.This issue affects Listings for Buildium: from n/a through <= 0.1.5.
CVE-2025-32604	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Aslani AWSA Shipping awsa-shipping allows Reflected XSS.This issue affects AWSA Shipping: from n/a through <= 1.3.0.
CVE-2025-32602	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS wooms allows Reflected XSS.This issue affects WooMS: from n/a through <= 9.12.
CVE-2025-32601	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments twispay allows Reflected XSS.This issue affects Twispay Credit Card Payments: from n/a through <= 2.1.2.
CVE-2025-32596	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Code Injection.This issue affects Real Estate Manager: from n/a through <= 7.3.
CVE-2025-32595	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: from n/a through < 1.5.0.
CVE-2025-32594	1 Wordpress	1 Wordpress	2026-04-01	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events simple-wp-events allows Retrieve Embedded Sensitive Data.This issue affects Simple WP Events: from n/a through <= 1.8.17.
CVE-2025-32590	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tzin111 Web2application web2application allows Reflected XSS.This issue affects Web2application: from n/a through <= 6.1.
CVE-2025-32582	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Stored XSS.This issue affects WP AutoKeyword: from n/a through <= 1.0.
CVE-2025-32579	1 Wordpress	1 Wordpress	2026-04-01	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through <= 1.0.
CVE-2025-32578	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapro Collins Coming Soon Countdown coming-soon-countdown allows Reflected XSS.This issue affects Coming Soon Countdown: from n/a through <= 2.2.
CVE-2025-32577	2 Hakeemnala, Wordpress	2 Build App Online, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through <= 1.0.23.
CVE-2025-32571	1 Wordpress	1 Wordpress	2026-04-01	N/A
Deserialization of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
CVE-2025-32567	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows SQL Injection.This issue affects Easy Post Duplicator: from n/a through <= 1.0.1.
CVE-2025-32563	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman WP Calais Auto Tagger calais-auto-tagger allows Cross Site Request Forgery.This issue affects WP Calais Auto Tagger: from n/a through <= 2.0.
CVE-2025-32560	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohammad I. Okfie WP-Hijri wp-hijri allows Reflected XSS.This issue affects WP-Hijri: from n/a through <= 1.5.3.
CVE-2025-32559	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in REVE Chat REVE Chat revechat allows Stored XSS.This issue affects REVE Chat: from n/a through <= 6.4.4.
CVE-2025-32558	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ketanajani Duplicate Title Checker duplicate-title-checker allows Blind SQL Injection.This issue affects Duplicate Title Checker: from n/a through <= 1.2.

« first previous Page 80 of 575. next last »