Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 10417 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64228	2 Fantasticplugins, Wordpress	2 Sumo Affiliates Pro, Wordpress	2026-01-20	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0.
CVE-2025-64220	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.
CVE-2025-64219	2 Strategy11, Wordpress	2 Business Directory Plugin - Easy Listing Directories, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.
CVE-2025-64200	3 Villatheme, Woocommerce, Wordpress	3 Woocommerce Email Template Customizer, Woocommerce, Wordpress	2026-01-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17.
CVE-2025-64201	2 Blubrry, Wordpress	2 Powerpress Podcasting, Wordpress	2026-01-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through <= 11.13.12.
CVE-2025-64202	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.
CVE-2025-6325	2 Kingaddons, Wordpress	2 King Addons For Elementor, Wordpress	2026-01-20	9.8 Critical
Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.
CVE-2025-64198	2 Appscreo, Wordpress	2 Easy Social Share Buttons, Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons easy-social-share-buttons3 allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through < 10.7.1.
CVE-2025-6327	2 Kingaddons, Wordpress	2 King Addons For Elementor, Wordpress	2026-01-20	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in KingAddons.com King Addons for Elementor king-addons allows Upload a Web Shell to a Web Server.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.
CVE-2025-64196	3 Booster, Pluggabl, Wordpress	3 Booster For Woocommerce, Booster For Woocommerce, Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.2.5.
CVE-2025-62950	2 Contest Gallery, Wordpress	2 Contest Gallery, Wordpress	2026-01-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.0.0.
CVE-2025-62914	2 Anibalwainstein, Wordpress	2 Effect Maker, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a through <= 1.2.1.
CVE-2025-62067	1 Wordpress	1 Wordpress	2026-01-20	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through <= 2.5.
CVE-2025-62049	2 Stylemixthemes, Wordpress	2 Cost Calculator Builder, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through <= 3.5.32.
CVE-2025-62044	2 Codexthemes, Wordpress	2 Thegem, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.10.5.1.
CVE-2025-62047	1 Wordpress	1 Wordpress	2026-01-20	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons.This issue affects Case Addons: from n/a through < 1.3.0.
CVE-2025-62075	1 Wordpress	1 Wordpress	2026-01-20	7.3 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= 2.4.6.
CVE-2025-62064	2 Elated-themes, Wordpress	2 Search And Go Directory, Wordpress	2026-01-20	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through <= 2.7.
CVE-2025-62065	1 Wordpress	1 Wordpress	2026-01-20	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5.
CVE-2025-62059	1 Wordpress	1 Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force SureRank surerank.This issue affects SureRank: from n/a through <= 1.3.2.

« first previous Page 139 of 521. next last »