Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11882 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-30528	1 Wordpress	1 Wordpress	2026-04-23	9.3 Critical
Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos awesome-logos allows SQL Injection.This issue affects Awesome Logos: from n/a through <= 1.2.
CVE-2025-30527	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetoolbox My Bootstrap Menu my-bootstrap-menu allows Stored XSS.This issue affects My Bootstrap Menu: from n/a through <= 1.2.1.
CVE-2025-30522	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS.This issue affects Contact Form 7 Material Design: from n/a through <= 1.0.0.
CVE-2025-30521	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top gp-back-to-top allows Cross Site Request Forgery.This issue affects GP Back To Top: from n/a through <= 3.0.
CVE-2025-29014	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu dzs-restaurantmenu allows Reflected XSS.This issue affects FoodMenu: from n/a through <= 1.20.
CVE-2025-29013	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order custom-post-order-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Category/Post Type Post order: from n/a through <= 1.6.0.
CVE-2025-29007	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in LMSACE LMSACE Connect lmsace-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LMSACE Connect: from n/a through <= 3.4.
CVE-2025-29004	2 Aa-team, Wordpress	3 Premium Age Verification Restriction For Wordpress, Responsive Coming Soon Landing Page Holding Page For Wordpress, Wordpress	2026-04-23	8.8 High
Incorrect Privilege Assignment vulnerability in AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress wordpress-flat-countdown allows Privilege Escalation.This issue affects Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through <= 3.0.
CVE-2025-29000	1 Wordpress	1 Wordpress	2026-04-23	7.5 High
Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form responsive-contact-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Multi-language Responsive Contact Form: from n/a through <= 2.8.
CVE-2025-28999	3 Woocommerce, Wordpress, Zoomit	3 Woocommerce, Wordpress, Woocommerce Shop Page Builder	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder dzs-wootable allows Reflected XSS.This issue affects WooCommerce Shop Page Builder: from n/a through <= 2.27.7.
CVE-2025-28997	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0.
CVE-2025-28995	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.
CVE-2025-28994	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.
CVE-2025-28990	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This issue affects SNS Vicky: from n/a through <= 3.7.
CVE-2025-28989	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login read-more-login allows Stored XSS.This issue affects Read More Login: from n/a through <= 2.0.3.
CVE-2025-28988	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue affects WP Front User Submit / Front Editor: from n/a through <= 4.9.3.
CVE-2025-28987	2 Pressforward, Wordpress	2 Pressforward, Wordpress	2026-04-23	6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery.This issue affects PressForward: from n/a through <= 5.9.5.
CVE-2025-28986	1 Wordpress	1 Wordpress	2026-04-23	8.2 High
Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin epicwin-subscribers allows SQL Injection.This issue affects Epicwin Plugin: from n/a through <= 1.5.
CVE-2025-28983	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect click-pledge-connect allows Privilege Escalation.This issue affects Click & Pledge Connect: from n/a through <= 25.04010101-WP6.8.
CVE-2025-28982	2 Thimpress, Wordpress	2 Wp Pipes, Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes wp-pipes allows SQL Injection.This issue affects WP Pipes: from n/a through <= 1.4.3.

« first previous Page 181 of 595. next last »