Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11475 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58962	1 Wordpress	1 Wordpress	2026-04-01	N/A
Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio publitio allows Server Side Request Forgery.This issue affects Publitio: from n/a through <= 2.2.1.
CVE-2025-58960	2 Brijeshk89, Wordpress	2 Ip Based Login, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS.This issue affects IP Based Login: from n/a through <= 2.4.3.
CVE-2025-58957	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through <= 3.2.20.
CVE-2025-58956	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System wp-attractive-donations-system-easy-stripe-paypal-donations allows Stored XSS.This issue affects WP Attractive Donations System: from n/a through < 1.29.
CVE-2025-58919	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in guihom Wide Banner wide-banner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wide Banner: from n/a through <= 1.0.4.
CVE-2025-58917	3 Nick Verwymeren, Woocommerce, Wordpress	3 Quantities And Units For Woocommerce, Woocommerce, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Verwymeren Quantities and Units for WooCommerce quantities-and-units-for-woocommerce allows Stored XSS.This issue affects Quantities and Units for WooCommerce: from n/a through <= 1.0.13.
CVE-2025-58915	2 Emarket-design, Wordpress	2 Youtube Showcase, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design Request a Quote request-a-quote allows Stored XSS.This issue affects Request a Quote: from n/a through <= 2.5.0.
CVE-2025-58914	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes Demo Site Importer di-themes-demo-site-importer allows Cross Site Request Forgery.This issue affects Di Themes Demo Site Importer: from n/a through <= 1.2.
CVE-2025-58886	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tan Nguyen Instant Locations instant-locations allows Stored XSS.This issue affects Instant Locations: from n/a through <= 1.0.
CVE-2025-58884	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Drago vipdrv vipdrv-vip-test-drive allows Stored XSS.This issue affects vipdrv: from n/a through <= 1.0.3.
CVE-2025-58883	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Harris Search Cloud One search-cloud-one allows Stored XSS.This issue affects Search Cloud One: from n/a through <= 2.2.5.
CVE-2025-58882	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in w1zzard Simple Text Slider simple-text-slider allows Stored XSS.This issue affects Simple Text Slider: from n/a through <= 1.0.5.
CVE-2025-58876	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Video Shortcode: from n/a through <= 0.2.4.
CVE-2025-58874	2 Josepsitjar, Wordpress	2 Storymap, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in josepsitjar StoryMap wp-storymap allows DOM-Based XSS.This issue affects StoryMap: from n/a through <= 2.1.
CVE-2025-58873	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web Push Notification: from n/a through <= 0.5.0.
CVE-2025-58872	1 Wordpress	1 Wordpress	2026-04-01	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in premiumbizthemes Simple Price Calculator simple-price-calculator-basic allows Retrieve Embedded Sensitive Data.This issue affects Simple Price Calculator: from n/a through <= 1.3.
CVE-2025-58871	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luis Rock Master Paper Collapse Toggle master-paper-collapse-toggle allows Stored XSS.This issue affects Master Paper Collapse Toggle: from n/a through <= 1.1.
CVE-2025-58869	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through <= 1.3.2.
CVE-2025-58868	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through <= 1.3.2.
CVE-2025-58866	1 Wordpress	1 Wordpress	2026-04-01	N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through <= 1.1.

« first previous Page 22 of 574. next last »