Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8371 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53291	1 Wordpress	1 Wordpress	2025-09-11	5.4 Medium
Missing Authorization vulnerability in spoddev2021 Spreadconnect. This issue affects Spreadconnect: from n/a through 2.1.5.
CVE-2025-48101	2 Webdevstudios, Wordpress	2 Constant Contact For Wordpress, Wordpress	2025-09-11	8.8 High
Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1.
CVE-2025-53340	2 Getawesomesupport, Wordpress	2 Awesome Support, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome Support: from n/a through 6.3.4.
CVE-2025-47571	1 Wordpress	1 Wordpress	2025-09-11	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder. This issue affects Super Store Finder: from n/a through 6.9.7.
CVE-2025-53348	2 Laborator, Wordpress	2 Kalium, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a through 3.18.3.
CVE-2025-39523	2 Goodbarber, Wordpress	2 Goodbarber, Wordpress	2025-09-11	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in GoodBarber GoodBarber. This issue affects GoodBarber: from n/a through 1.0.26.
CVE-2025-47694	1 Wordpress	1 Wordpress	2025-09-11	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7.
CVE-2025-39541	1 Wordpress	1 Wordpress	2025-09-11	6.5 Medium
Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.13.
CVE-2025-39553	1 Wordpress	1 Wordpress	2025-09-11	4.3 Medium
Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9.
CVE-2025-47579	1 Wordpress	1 Wordpress	2025-09-11	9 Critical
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2.
CVE-2025-58988	1 Wordpress	1 Wordpress	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22.
CVE-2025-58991	3 Cristiano Zanca, Woocommerce, Wordpress	3 Woocommerce Booking Bundle Hours, Woocommerce, Wordpress	2025-09-11	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.
CVE-2025-59008	1 Wordpress	1 Wordpress	2025-09-11	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection allows SQL Injection. This issue affects ZIP Code Based Content Protection: from n/a through 1.0.0.
CVE-2025-58997	1 Wordpress	1 Wordpress	2025-09-11	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.
CVE-2025-58984	2 Welcart, Wordpress	2 E-commerce, Wordpress	2025-09-11	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.
CVE-2025-59005	2 Frenify, Wordpress	2 Categorify, Wordpress	2025-09-11	4.3 Medium
Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.
CVE-2025-58993	2 Themeum, Wordpress	2 Tutor Lms, Wordpress	2025-09-11	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 3.7.4.
CVE-2025-58975	1 Wordpress	1 Wordpress	2025-09-11	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.
CVE-2025-58976	1 Wordpress	1 Wordpress	2025-09-11	4.3 Medium
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
CVE-2025-58978	2 Wordpress, Wpswings	2 Wordpress, Pdf Generator For Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.

« first previous Page 147 of 419. next last »