Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7122 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64196	2 Pluggabl, Wordpress	2 Booster For Woocommerce, Wordpress	2025-11-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.2.5.
CVE-2025-64195	2 Thimpress, Wordpress	2 Eduma, Wordpress	2025-11-13	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion.This issue affects Eduma: from n/a through <= 5.7.6.
CVE-2025-64194	2 Thimpress, Wordpress	2 Eduma, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through <= 5.7.6.
CVE-2025-62988	1 Wordpress	1 Wordpress	2025-11-13	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.
CVE-2025-62987	2 Builderall, Wordpress	2 Builder For Wordpress, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.
CVE-2025-62986	1 Wordpress	1 Wordpress	2025-11-13	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through <= 0.6.
CVE-2025-62985	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through <= 1.6.3.
CVE-2025-62984	2 Wordpress, Wpeka	2 Wordpress, Wp Adcenter	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.6.1.
CVE-2025-62983	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through <= 3.2.1.
CVE-2025-62982	2 Sarah Giles, Wordpress	2 Dynamic User Directory, Wordpress	2025-11-13	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a through <= 2.3.
CVE-2025-62981	1 Wordpress	1 Wordpress	2025-11-13	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Phishing.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.8.
CVE-2025-62980	1 Wordpress	1 Wordpress	2025-11-13	8.8 High
Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03.
CVE-2025-62979	1 Wordpress	1 Wordpress	2025-11-13	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.
CVE-2025-62978	1 Wordpress	1 Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through <= 1.8.5.
CVE-2025-62977	1 Wordpress	1 Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in 沃之涛百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from n/a through <= 2.1.3.
CVE-2025-62976	2 Joovii, Wordpress	2 Sendle Shipping, Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sendle Shipping: from n/a through <= 6.02.
CVE-2025-62975	1 Wordpress	1 Wordpress	2025-11-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site Request Forgery.This issue affects Raychat: from n/a through <= 2.2.1.
CVE-2025-62974	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Stored XSS.This issue affects Headline Analyzer: from n/a through <= 1.3.7.
CVE-2025-62973	2 Themekraft, Wordpress	2 Buddyforms, Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.
CVE-2025-62972	2 Webinarpress, Wordpress	2 Webinarpress, Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28.

« first previous Page 9 of 357. next last »