Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11819 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64276	2 Ays-pro, Wordpress	2 Survey Maker, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4.
CVE-2025-23493	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Google Transliteration google-transliteration allows Reflected XSS.This issue affects Google Transliteration: from n/a through <= 1.7.2.
CVE-2025-23502	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Ned Curated Search curated-search allows Stored XSS.This issue affects Curated Search: from n/a through <= 1.2.
CVE-2025-52812	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo domnoo allows PHP Local File Inclusion.This issue affects Domnoo: from n/a through <= 1.49.
CVE-2025-23503	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osolwordpress Customizable Captcha and Contact Us customizable-captcha-and-contact-us-form allows Reflected XSS.This issue affects Customizable Captcha and Contact Us: from n/a through <= 1.0.2.
CVE-2025-64283	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.
CVE-2025-23504	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <= 1.1.3.
CVE-2025-13486	2 Hwk-fr, Wordpress	2 Advanced Custom Fields, Wordpress	2026-04-15	9.8 Critical
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for unauthenticated attackers to execute arbitrary code on the server, which can be leveraged to inject backdoors or create new administrative user accounts.
CVE-2025-26738	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Graham Quick Interest Slider quick-interest-slider allows DOM-Based XSS.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.
CVE-2025-64284	2 Majesticsupport, Wordpress	2 Majestic Support, Wordpress	2026-04-15	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through <= 1.0.7.
CVE-2024-32436	2 Codemenschen, Wordpress	2 Gift Vouchers, Wordpress	2026-04-15	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers.This issue affects Gift Vouchers: from n/a through 4.4.0.
CVE-2025-28990	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This issue affects SNS Vicky: from n/a through <= 3.7.
CVE-2025-52824	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile DJ Manager: from n/a through <= 1.7.8.3.
CVE-2025-64285	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Wholesale Pricing For Woocommerce, Woocommerce and 1 more	2026-04-15	5.4 Medium
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
CVE-2025-64289	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more	2026-04-15	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.5.
CVE-2025-64292	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through <= 1.6.2.
CVE-2025-31094	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Carousel: from n/a through <= 1.3.8.
CVE-2025-31460	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in danielmuldernl OmniLeads Scripts and Tags Manager omnileads-scripts-and-tags-manager allows Stored XSS.This issue affects OmniLeads Scripts and Tags Manager: from n/a through <= 1.3.
CVE-2025-30594	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in samsk Include URL include-url allows Path Traversal.This issue affects Include URL: from n/a through <= 0.3.5.
CVE-2025-30591	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in tuyennv Music Press Pro music-press-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Press Pro: from n/a through <= 1.4.6.

« first previous Page 99 of 591. next last »