Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11364 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32516	2 Kamleshyadav, Wordpress	2 Miraculous Core Plugin, Wordpress	2026-03-26	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2.
CVE-2026-32501	2 Wordpress, Wp-configurator	2 Wordpress, Wp Configurator Pro	2026-03-26	7.1 High
Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through <= 3.7.9.
CVE-2026-32441	2 Webtoffee, Wordpress	2 Wordpress Comments Import And Export, Wordpress	2026-03-26	7.7 High
Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through <= 2.4.9.
CVE-2026-27073	2 Addi, Wordpress	2 Addi – Cuotas Que Se Adaptan A Ti, Wordpress	2026-03-26	7.5 High
Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through <= 2.0.4.
CVE-2026-25340	2 Nootheme, Wordpress	2 Jobmonster, Wordpress	2026-03-26	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through < 4.8.4.
CVE-2026-24993	2 Wordpress, Wpfactory	2 Wordpress, Advanced Woocommerce Product Sales Reporting	2026-03-26	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3.
CVE-2026-22484	2 Pebas, Wordpress	2 Lisfinity Core, Wordpress	2026-03-26	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through <= 1.5.0.
CVE-2026-22209	2 Gvectors, Wordpress	2 Wpdiscuz, Wordpress	2026-03-26	5.5 Medium
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like </style><script>alert(1)</script> in the custom CSS setting to execute arbitrary JavaScript in user browsers.
CVE-2026-25377	2 Eyecix, Wordpress	2 Addon Jobsearch Chat, Wordpress	2026-03-26	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through <= 3.0.
CVE-2026-32522	2 Vanquish, Wordpress	2 Woocommerce Support Ticket System, Wordpress	2026-03-26	N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.
CVE-2026-32524	2 Jordy Meow, Wordpress	2 Photo Engine, Wordpress	2026-03-26	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9.
CVE-2026-22493	2 Elated-themes, Wordpress	2 Gaspard, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affects Gaspard: from n/a through <= 1.3.
CVE-2026-22494	2 Themerex, Wordpress	2 Good Homes, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through <= 1.3.13.
CVE-2026-22495	2 Ancorathemes, Wordpress	2 Greenville, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through <= 1.3.2.
CVE-2026-22496	2 Ancorathemes, Wordpress	2 Hypnotherapy, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through <= 1.2.10.
CVE-2026-22498	2 Elated-themes, Wordpress	2 Laurent, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
CVE-2026-22499	2 Elated-themes, Wordpress	2 Lella, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Lella lella allows PHP Local File Inclusion.This issue affects Lella: from n/a through <= 1.2.
CVE-2026-22502	2 Ancorathemes, Wordpress	2 Mr. Cobbler, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through <= 1.1.9.
CVE-2026-22503	2 Themerex, Wordpress	2 Nelson, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through <= 1.2.0.
CVE-2026-22504	2 Themerex, Wordpress	2 Prolingua, Wordpress	2026-03-26	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12.

« first previous Page 2 of 569. next last »