Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11973 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-43834	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tox82 cookieBAR cookiebar allows Stored XSS.This issue affects cookieBAR: from n/a through <= 1.7.0.
CVE-2025-43832	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through <= 0.6.
CVE-2025-3703	2 Wipeoutmedia, Wordpress	2 Css & Javascript Toolbox, Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion.This issue affects CSS & JavaScript Toolbox: from n/a through < 12.0.3.
CVE-2025-3702	2 Melapress, Wordpress	2 Melapress File Monitor, Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0.
CVE-2025-3701	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner wp-malware-removal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through <= 16.8.
CVE-2025-39599	1 Wordpress	1 Wordpress	2026-04-23	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Webilia Inc. Listdom listdom allows Phishing.This issue affects Listdom: from n/a through <= 4.0.0.
CVE-2025-39597	1 Wordpress	1 Wordpress	2026-04-23	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Arthur Yarwood Fast eBay Listings fast-ebay-listings allows Phishing.This issue affects Fast eBay Listings: from n/a through <= 2.12.15.
CVE-2025-39596	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation.This issue affects Quentn WP: from n/a through <= 1.2.8.
CVE-2025-39595	1 Wordpress	1 Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows SQL Injection.This issue affects Quentn WP: from n/a through <= 1.2.8.
CVE-2025-39593	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting wp-ever-accounting allows Cross Site Request Forgery.This issue affects Ever Accounting: from n/a through <= 2.1.5.
CVE-2025-39580	1 Wordpress	1 Wordpress	2026-04-23	5.8 Medium
Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through <= 3.1.8.
CVE-2025-39576	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows Stored XSS.This issue affects WPAdverts: from n/a through <= 2.2.1.
CVE-2025-39575	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa wpcasa allows Stored XSS.This issue affects WPCasa: from n/a through <= 1.3.2.
CVE-2025-39573	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Carousel: from n/a through <= 1.3.10.
CVE-2025-39561	2 Marketing Fire, Wordpress	2 Loginwp, Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro loginwp-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through <= 4.0.8.5.
CVE-2025-39560	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
CVE-2025-39555	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Stored XSS.This issue affects Church Admin: from n/a through <= 5.0.23.
CVE-2025-39553	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 5.0.9.
CVE-2025-39551	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Object Injection.This issue affects FluentBoards: from n/a through <= 1.47.
CVE-2025-39550	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity fluent-community allows Object Injection.This issue affects FluentCommunity: from n/a through <= 1.2.15.

« first previous Page 126 of 599. next last »