Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8221 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67588	2 Elementor, Wordpress	2 Website Builder, Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.
CVE-2025-67585	1 Wordpress	1 Wordpress	2025-12-10	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Phishing.This issue affects Flexmls® IDX: from n/a through <= 3.15.7.
CVE-2025-63037	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.
CVE-2025-67597	1 Wordpress	1 Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through <= 1.9.11.
CVE-2025-63050	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through <= 19.9.8.
CVE-2025-63056	2 Bestwebsoft, Wordpress	2 Contact Form, Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through <= 4.3.5.
CVE-2025-63013	2 Thimpress, Wordpress	2 Wp Hotel Booking, Wordpress	2025-12-10	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.
CVE-2025-63033	3 Elementor, Riyadh Ahmed, Wordpress	3 Elementor, Make Section And Column Clickable For Elementor, Wordpress	2025-12-10	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a through <= 2.3.
CVE-2025-67576	2 Quantumcloud, Wordpress	2 Simple Link Directory, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-63012	2 Thimpress, Wordpress	2 Wp Hotel Booking, Wordpress	2025-12-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.
CVE-2025-63055	3 Elementor, Liton Arefin, Wordpress	3 Elementor, Master Addons For Elementor, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.
CVE-2025-67578	2 Rhys Wynne, Wordpress	2 Wp Email Capture, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4.
CVE-2025-67587	2 Crm Perks, Wordpress	2 Wp Gravity Forms Freshdesk Plugin, Wordpress	2025-12-10	4.3 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.
CVE-2025-67593	1 Wordpress	1 Wordpress	2025-12-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48.
CVE-2025-63010	1 Wordpress	1 Wordpress	2025-12-10	4.8 Medium
Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through <= 7.4.
CVE-2025-63048	2 Cridio, Wordpress	2 Listingpro Lead Form, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.
CVE-2025-67584	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in rtCamp GoDAM godam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDAM: from n/a through <= 1.4.6.
CVE-2025-63052	2 Gallerycreator, Wordpress	2 Simply Gallery, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.2.8.
CVE-2025-67589	2 Wordpress, Wpovernight	2 Wordpress, Woocommerce Pdf Invoices\& Packing Slips	2025-12-10	4.3 Medium
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1.
CVE-2025-67577	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20.

« first previous Page 37 of 412. next last »