Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11384 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53294	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda smart-agenda-prise-de-rendez-vous-en-ligne allows Stored XSS.This issue affects Smart Agenda: from n/a through <= 4.9.
CVE-2025-53293	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar dashboard-widget-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Widget Sidebar: from n/a through <= 1.2.3.
CVE-2025-53292	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in samsk WP DataTable wp-datatable allows DOM-Based XSS.This issue affects WP DataTable: from n/a through <= 0.2.7.
CVE-2025-53291	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in spoddev2021 Spreadconnect wc-spod.This issue affects Spreadconnect: from n/a through <= 2.1.5.
CVE-2025-53290	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MS WP Visual Sitemap wp-visual-sitemap allows Stored XSS.This issue affects WP Visual Sitemap: from n/a through <= 1.0.2.
CVE-2025-53289	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Widget Areas theme-blvd-widget-areas allows Reflected XSS.This issue affects Theme Blvd Widget Areas: from n/a through <= 1.3.0.
CVE-2025-53288	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments plationline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PlatiOnline Payments: from n/a through <= 7.0.0.
CVE-2025-53287	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Cummings Quick Favicon quick-favicon allows Stored XSS.This issue affects Quick Favicon: from n/a through <= 0.22.8.
CVE-2025-53284	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through <= 1.1.
CVE-2025-53282	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Thumbnail Editor thumbnail-editor allows Stored XSS.This issue affects Thumbnail Editor: from n/a through <= 2.3.3.
CVE-2025-53280	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool football-pool allows Stored XSS.This issue affects Football Pool: from n/a through <= 2.12.5.
CVE-2025-53279	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Popup addon for Ninja Forms popup-addon-for-ninja-forms allows DOM-Based XSS.This issue affects Popup addon for Ninja Forms: from n/a through <= 3.4.
CVE-2025-53278	2 Wordpress, Wpeka	2 Wordpress, Wp Adcenter	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through <= 2.6.0.
CVE-2025-53276	2 Omnipressteam, Wordpress	2 Omnipress, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows DOM-Based XSS.This issue affects Omnipress: from n/a through <= 1.6.4.
CVE-2025-53275	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka leyka allows DOM-Based XSS.This issue affects Leyka: from n/a through <= 3.32.1.
CVE-2025-53274	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Hossin Asaadi WP Permalink Translator wp-permalink-translator allows Stored XSS.This issue affects WP Permalink Translator: from n/a through <= 1.7.6.
CVE-2025-53273	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream slick-engagement allows Cross Site Request Forgery.This issue affects Slickstream: from n/a through <= 2.0.3.
CVE-2025-53272	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in opicron Image Cleanup image-cleanup allows Cross Site Request Forgery.This issue affects Image Cleanup: from n/a through <= 1.9.2.
CVE-2025-53269	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in imw3 My Wp Brand my-wp-brand allows Cross Site Request Forgery.This issue affects My Wp Brand: from n/a through <= 1.1.3.
CVE-2025-53268	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Cross Site Request Forgery.This issue affects Import external attachments: from n/a through <= 1.5.12.

« first previous Page 48 of 570. next last »