Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11391 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53263	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in PluginsCafe Address Autocomplete via Google for Gravity Forms gf-google-address-autocomplete allows Cross Site Request Forgery.This issue affects Address Autocomplete via Google for Gravity Forms: from n/a through <= 1.3.4.
CVE-2025-53261	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in macbookandrew WP YouTube Live wp-youtube-live allows Cross Site Request Forgery.This issue affects WP YouTube Live: from n/a through <= 1.10.0.
CVE-2025-53259	2 Nicdark, Wordpress	2 Hotel Booking, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue affects Hotel Booking: from n/a through <= 3.7.
CVE-2025-53258	2 Wordpress, Wow-company	2 Wordpress, Hover Effects	2026-04-01	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection.This issue affects Hover Effects: from n/a through <= 2.1.2.
CVE-2025-53254	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Cyrlitera cyrlitera allows Cross Site Request Forgery.This issue affects Cyrlitera: from n/a through <= 1.3.0.
CVE-2025-53253	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh WP Edit wp-edit allows Stored XSS.This issue affects WP Edit: from n/a through <= 4.0.4.
CVE-2025-53251	1 Wordpress	1 Wordpress	2026-04-01	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a through < 7.2.
CVE-2025-53249	2 Hakeemnala, Wordpress	2 Build App Online, Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through <= 1.0.23.
CVE-2025-53248	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magazine eximious-magazine allows PHP Local File Inclusion.This issue affects Magazine: from n/a through <= 1.2.2.
CVE-2025-53247	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpinterface BlogMarks blogmarks allows PHP Local File Inclusion.This issue affects BlogMarks: from n/a through <= 1.0.8.
CVE-2025-53244	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magazine Elite magazine-elite allows PHP Local File Inclusion.This issue affects Magazine Elite: from n/a through <= 1.2.4.
CVE-2025-53241	2 Kodeshpa, Wordpress	2 Simplified Plugin, Wordpress	2026-04-01	N/A
Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery.This issue affects Simplified: from n/a through <= 1.0.11.
CVE-2025-53235	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osuthorpe Easy Social easy-social-media allows Reflected XSS.This issue affects Easy Social: from n/a through <= 1.3.
CVE-2025-53230	2 Elementor, Wordpress	2 Elementor, Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5.
CVE-2025-53227	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magazine Saga magazine-saga allows PHP Local File Inclusion.This issue affects Magazine Saga: from n/a through <= 1.2.7.
CVE-2025-53226	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box comments-capcha-box allows Reflected XSS.This issue affects Comments Capcha Box: from n/a through <= 1.1.
CVE-2025-53225	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eboekhouden e-Boekhouden.nl e-boekhoudennl-connector allows Reflected XSS.This issue affects e-Boekhouden.nl: from n/a through <= 1.9.3.
CVE-2025-53223	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undoIT Theme Switcher Reloaded theme-switcher-reloaded allows Reflected XSS.This issue affects Theme Switcher Reloaded: from n/a through <= 1.1.
CVE-2025-53221	2 Codeablepress, Wordpress	2 Codeablepress, Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CodeablePress: from n/a through <= 1.0.2.
CVE-2025-53220	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XmasB XmasB Quotes xmasb-quotes allows Reflected XSS.This issue affects XmasB Quotes: from n/a through <= 1.6.1.

« first previous Page 52 of 570. next last »