Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11498 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-31861	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPOrbit Support Perfect Font Awesome Integration perfect-font-awesome-integration allows Stored XSS.This issue affects Perfect Font Awesome Integration: from n/a through <= 2.3.
CVE-2025-31860	2 Wordpress, Wpeka	2 Wordpress, Wp Adcenter	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.5.8.
CVE-2025-31858	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in matthewrubin Local Magic local-magic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Local Magic: from n/a through <= 2.9.0.
CVE-2025-31856	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in brainvireinfo Export All Post Meta export-all-post-meta allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export All Post Meta: from n/a through <= 1.2.1.
CVE-2025-31855	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softnwords SMM API smm-api allows Stored XSS.This issue affects SMM API: from n/a through <= 6.0.31.
CVE-2025-31853	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erez Hadas-Sonnenschein Smartarget Popup smartarget-popup allows Stored XSS.This issue affects Smartarget Popup: from n/a through <= 1.5.
CVE-2025-31847	2 Themelooks, Wordpress	2 Mfolio Lite, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themelooks mFolio Lite mfolio-lite allows DOM-Based XSS.This issue affects mFolio Lite: from n/a through <= 1.2.3.
CVE-2025-31845	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Rohit Choudhary Theme Duplicator theme-duplicator allows Cross Site Request Forgery.This issue affects Theme Duplicator: from n/a through <= 1.1.
CVE-2025-31844	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Blocks magical-blocks allows Stored XSS.This issue affects Magical Blocks: from n/a through <= 1.0.12.
CVE-2025-31842	1 Wordpress	1 Wordpress	2026-04-01	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Retrieve Embedded Sensitive Data.This issue affects Viral Loops WP Integration: from n/a through <= 3.4.0.
CVE-2025-31841	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails fpw-category-thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FPW Category Thumbnails: from n/a through <= 1.9.5.
CVE-2025-31838	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eventbee Eventbee RSVP Widget eventbee-rsvp-widget allows DOM-Based XSS.This issue affects Eventbee RSVP Widget: from n/a through <= 1.0.
CVE-2025-31836	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Review Manager: from n/a through <= 2.5.0.
CVE-2025-31835	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brice Capobianco WP Plugin Info Card wp-plugin-info-card allows DOM-Based XSS.This issue affects WP Plugin Info Card: from n/a through <= 5.3.0.
CVE-2025-31834	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
CVE-2025-31833	1 Wordpress	1 Wordpress	2026-04-01	N/A
Authorization Bypass Through User-Controlled Key vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
CVE-2025-31832	1 Wordpress	1 Wordpress	2026-04-01	N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beee ACF City Selector acf-city-selector allows Retrieve Embedded Sensitive Data.This issue affects ACF City Selector: from n/a through <= 1.17.0.
CVE-2025-31831	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through <= 1.1.7.
CVE-2025-31830	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Uriahs Victor Printus printus-cloud-printing-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printus: from n/a through <= 1.2.6.
CVE-2025-31822	2 Ashish Ajani, Wordpress	2 Wp Simple Html Sitemap, Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.5.

« first previous Page 88 of 575. next last »