Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9826 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68507	2 Icegram, Wordpress	2 Icegram, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.
CVE-2025-68073	2 Ninjateam, Wordpress	2 Gpdr Ccpa Compliance Support, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4.
CVE-2025-68072	2 Merv Barrett, Wordpress	2 Easy Property Listings, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17.
CVE-2024-54383	3 Wordpress, Wpweb, Wpwebelite	3 Wordpress, Woocommerce Pdf Vouchers, Woocommerce Pdf Vouchers	2026-01-28	9.8 Critical
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.
CVE-2023-28689	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0.
CVE-2023-25993	2 Webberzone, Wordpress	2 Top 10, Wordpress	2026-01-28	4.3 Medium
Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVE-2025-39354	2 Themegoods, Wordpress	2 Grand Conference, Wordpress	2026-01-28	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection.This issue affects Grand Conference: from n/a through 5.2.
CVE-2026-24549	2 Paolo, Wordpress	2 Geodirectory, Wordpress	2026-01-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a before 2.8.150.
CVE-2026-22481	1 Wordpress	1 Wordpress	2026-01-27	8.8 High
Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.
CVE-2025-69190	1 Wordpress	1 Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.
CVE-2025-69183	2 E-plugins, Wordpress	2 Hospital & Doctor Directory, Wordpress	2026-01-27	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-69182	2 E-plugins, Wordpress	2 Institutions Directory, Wordpress	2026-01-27	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4.
CVE-2025-68899	2 Designthemes, Wordpress	2 Vivagh, Wordpress	2026-01-27	8.8 High
Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.
CVE-2025-68898	2 Cjjparadoxmax, Wordpress	2 Synergy Project Manager, Wordpress	2026-01-27	5.8 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through <= 1.5.
CVE-2025-68896	1 Wordpress	1 Wordpress	2026-01-27	6.5 Medium
Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.
CVE-2025-68894	1 Wordpress	1 Wordpress	2026-01-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2.
CVE-2025-68884	1 Wordpress	1 Wordpress	2026-01-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1.
CVE-2025-68883	2 Extremeidea, Wordpress	2 Bidorbuy Store Integrator, Wordpress	2026-01-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0.
CVE-2025-68882	1 Wordpress	1 Wordpress	2026-01-27	7.5 High
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.3.
CVE-2025-68857	1 Wordpress	1 Wordpress	2026-01-27	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through <= 3.15.

« first previous Page 25 of 492. next last »