Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 5054 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54673	2 Ays-pro, Wordpress	2 Chartify, Wordpress	2025-08-14	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify allows Cross Site Request Forgery. This issue affects Chartify: from n/a through 3.5.3.
CVE-2025-54685	1 Wordpress	1 Wordpress	2025-08-14	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through 1.1.0.
CVE-2025-52823	1 Wordpress	1 Wordpress	2025-08-14	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection. This issue affects Cube Portfolio: from n/a through 1.16.8.
CVE-2025-54686	1 Wordpress	1 Wordpress	2025-08-14	9.8 Critical
Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2.
CVE-2025-52806	2 Eyecix, Wordpress	2 Jobsearch, Wordpress	2025-08-14	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through 2.9.0.
CVE-2025-52801	1 Wordpress	1 Wordpress	2025-08-14	7.3 High
Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through 1.4.4.
CVE-2025-52800	1 Wordpress	1 Wordpress	2025-08-14	7.3 High
Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.
CVE-2025-52788	1 Wordpress	1 Wordpress	2025-08-14	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionPix: from n/a through 1.8.
CVE-2025-52785	1 Wordpress	1 Wordpress	2025-08-14	7.1 High
Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through 6.0.30.
CVE-2025-52732	1 Wordpress	1 Wordpress	2025-08-14	8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targeting allows PHP Local File Inclusion. This issue affects Google Map Targeting: from n/a through 1.1.6.
CVE-2025-52721	2 Lcweb, Wordpress	2 Global Gallery, Wordpress	2025-08-14	6.5 Medium
Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3.
CVE-2025-52720	1 Wordpress	1 Wordpress	2025-08-14	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 7.5.
CVE-2025-52716	1 Wordpress	1 Wordpress	2025-08-14	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through 2025.1.0.
CVE-2025-54701	1 Wordpress	1 Wordpress	2025-08-14	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion. This issue affects Unicamp: from n/a through 2.6.3.
CVE-2025-49065	1 Wordpress	1 Wordpress	2025-08-14	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored XSS. This issue affects Visit Counter: from n/a through 1.0.
CVE-2025-49052	1 Wordpress	1 Wordpress	2025-08-14	4.3 Medium
Missing Authorization vulnerability in Dariolee Netease Music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a through 3.2.1.
CVE-2025-49051	1 Wordpress	1 Wordpress	2025-08-14	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode allows Stored XSS. This issue affects Hide Text Shortcode: from n/a through 1.1.
CVE-2025-49048	1 Wordpress	1 Wordpress	2025-08-14	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps allows Stored XSS. This issue affects Inspectlet – User Session Recording and Heatmaps: from n/a through 2.0.
CVE-2025-49047	1 Wordpress	1 Wordpress	2025-08-14	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeross DigitalOcean Spaces Sync allows Stored XSS. This issue affects DigitalOcean Spaces Sync: from n/a through 2.2.1.
CVE-2025-49033	2 Metagauss, Wordpress	2 Profilegrid, Wordpress	2025-08-14	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.3.

« first previous Page 9 of 253. next last »