Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9828 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69317	2 Scriptsbundle, Wordpress	2 Carspot, Wordpress	2026-01-26	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through < 2.4.6.
CVE-2025-69098	2 Wordpress, Wpwave	2 Wordpress, Hide My Wp	2026-01-26	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWave Hide My WP hide_my_wp allows Reflected XSS.This issue affects Hide My WP: from n/a through <= 6.2.12.
CVE-2026-22469	1 Wordpress	1 Wordpress	2026-01-26	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2.
CVE-2026-24360	2 Craig Hewitt, Wordpress	2 Seriously Simple Podcasting, Wordpress	2026-01-26	4.6 Medium
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.
CVE-2026-24361	2 Thimpress, Wordpress	2 Learnpress, Wordpress	2026-01-26	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through <= 4.1.9.
CVE-2026-24365	2 Storeapps, Wordpress	2 Stock Manager For Woocommerce, Wordpress	2026-01-26	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.
CVE-2026-24366	2 Wordpress, Yithemes	2 Wordpress, Yith Woocommerce Request A Quote	2026-01-26	5.3 Medium
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.
CVE-2026-24381	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.
CVE-2026-24384	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14.
CVE-2026-24386	3 Elementinvader, Elementor, Wordpress	3 Template Kits For Elementor, Elementor, Wordpress	2026-01-26	4.3 Medium
Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4.
CVE-2025-69180	1 Wordpress	1 Wordpress	2026-01-26	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through <= 6.7.
CVE-2026-22359	2 Aa-team, Wordpress	2 Wordpress Movies Bulk Importer, Wordpress	2026-01-26	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery.This issue affects Wordpress Movies Bulk Importer: from n/a through <= 1.0.
CVE-2026-24367	1 Wordpress	1 Wordpress	2026-01-26	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.
CVE-2026-22349	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through <= 1.4.1.
CVE-2025-69316	1 Wordpress	1 Wordpress	2026-01-26	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2.
CVE-2026-24355	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-01-26	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6.
CVE-2026-22468	2 Abosoluteplugins, Wordpress	2 Absolute Addons For Elementor, Wordpress	2026-01-26	4.3 Medium
Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolute Addons For Elementor: from n/a through <= 1.0.14.
CVE-2026-24374	2 Metagauss, Wordpress	2 Registrationmagic, Wordpress	2026-01-26	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.
CVE-2026-24387	1 Wordpress	1 Wordpress	2026-01-26	4.3 Medium
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through <= 2.1.
CVE-2026-24388	1 Wordpress	1 Wordpress	2026-01-26	4.3 Medium
Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through <= 2.14.0.

« first previous Page 41 of 492. next last »