Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11882 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-26943	1 Wordpress	1 Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes easy-quotes allows Blind SQL Injection.This issue affects Easy Quotes: from n/a through <= 1.2.2.
CVE-2025-26941	1 Wordpress	1 Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin allows SQL Injection.This issue affects Church Admin: from n/a through <= 5.0.18.
CVE-2025-26936	1 Wordpress	1 Wordpress	2026-04-23	10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection.This issue affects Fresh Framework: from n/a through <= 1.70.0.
CVE-2025-26933	1 Wordpress	1 Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion.This issue affects WC Place Order Without Payment: from n/a through <= 2.6.7.
CVE-2025-26932	2 Quantumcloud, Wordpress	3 Chatbot, Wpbot, Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue affects ChatBot: from n/a through <= 6.3.5.
CVE-2025-26930	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services home-services allows DOM-Based XSS.This issue affects Home Services: from n/a through <= 1.2.6.
CVE-2025-26927	2 Epc, Wordpress	2 Ai Hub Plugin, Wordpress	2026-04-23	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through <= 1.3.7.
CVE-2025-26926	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in fs-code Booknetic booknetic.This issue affects Booknetic: from n/a through <= 4.0.9.
CVE-2025-26925	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager admin-menu-manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through <= 1.0.3.
CVE-2025-26924	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability in colabrio Ohio Extra ohio-extra allows Code Injection.This issue affects Ohio Extra: from n/a through <= 3.4.7.
CVE-2025-26923	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows Stored XSS.This issue affects Event post: from n/a through <= 5.9.8.
CVE-2025-26920	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through <= 0.4.8.
CVE-2025-26916	2 Epc, Wordpress	2 Massive Dynamic Plugin, Wordpress	2026-04-23	9 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive Dynamic massive-dynamic.This issue affects Massive Dynamic: from n/a through <= 8.2.
CVE-2025-26911	2 Bowo, Wordpress	2 System Dashboard, Wordpress	2026-04-23	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Bowo System Dashboard system-dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects System Dashboard: from n/a through <= 2.8.18.
CVE-2025-26908	1 Wordpress	1 Wordpress	2026-04-23	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör kargo-entegrator allows SQL Injection.This issue affects Kargo Entegratör: from n/a through <= 1.1.14.
CVE-2025-26904	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gal_op WP Responsive Auto Fit Text wp-responsive-slab-text allows DOM-Based XSS.This issue affects WP Responsive Auto Fit Text: from n/a through <= 0.2.
CVE-2025-26898	1 Wordpress	1 Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
CVE-2025-26893	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kiran Potphode Easy Charts easy-charts allows DOM-Based XSS.This issue affects Easy Charts: from n/a through <= 1.2.3.
CVE-2025-26892	1 Wordpress	1 Wordpress	2026-04-23	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura celestial-aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through <= 2.2.
CVE-2025-26889	1 Wordpress	1 Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hockeydata hockeydata LOS hockeydata-los allows PHP Local File Inclusion.This issue affects hockeydata LOS: from n/a through <= 1.2.4.

« first previous Page 195 of 595. next last »