Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8467 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-39553	1 Wordpress	1 Wordpress	2025-09-11	4.3 Medium
Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9.
CVE-2025-53303	2 Thememove, Wordpress	2 Core, Wordpress	2025-09-11	8.8 High
Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core allows Object Injection. This issue affects ThemeMove Core: from n/a through 1.4.2.
CVE-2025-53340	2 Getawesomesupport, Wordpress	2 Awesome Support, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome Support: from n/a through 6.3.4.
CVE-2025-49860	2 Majesticsupport, Wordpress	2 Majestic Support, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in Majestic Support Majestic Support. This issue affects Majestic Support: from n/a through 1.1.0.
CVE-2025-47695	1 Wordpress	1 Wordpress	2025-09-11	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7.
CVE-2025-47437	2 Litespeed Technologies, Wordpress	2 Litespeed Cache, Wordpress	2025-09-11	6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 7.0.1.
CVE-2025-58977	2 Winwar, Wordpress	2 Wp Ebay Product Feeds, Wordpress	2025-09-11	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8.
CVE-2025-58982	2 Pixeline, Wordpress	2 Email Protector, Wordpress	2025-09-11	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through 1.3.8.
CVE-2025-58987	2 Antoineh, Wordpress	2 Football Pool, Wordpress	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.6.
CVE-2025-58980	2 Myrecorp, Wordpress	2 Export Wp Page To Static Html/css, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0.
CVE-2025-58989	1 Wordpress	1 Wordpress	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text Field For Contact Form 7: from n/a through 1.0.
CVE-2025-58215	1 Wordpress	1 Wordpress	2025-09-11	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from n/a through n/a.
CVE-2025-58976	1 Wordpress	1 Wordpress	2025-09-11	4.3 Medium
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
CVE-2025-58978	2 Wordpress, Wpswings	2 Wordpress, Pdf Generator For Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.
CVE-2025-58983	1 Wordpress	1 Wordpress	2025-09-11	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2.
CVE-2025-58979	2 Berqier, Wordpress	2 Berqwp, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53.
CVE-2025-58981	1 Wordpress	1 Wordpress	2025-09-11	5.4 Medium
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
CVE-2025-58985	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Additional Custom Product Tabs For Woocommerce	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.3.
CVE-2025-58975	1 Wordpress	1 Wordpress	2025-09-11	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.
CVE-2025-58988	1 Wordpress	1 Wordpress	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22.

« first previous Page 152 of 424. next last »