Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11404 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-48149	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through <= 1.2.3.
CVE-2025-48148	2 Woocommerce, Wordpress	3 Storekeeper, Woocommerce, Wordpress	2026-04-01	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.
CVE-2025-48142	1 Wordpress	1 Wordpress	2026-04-01	N/A
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through <= 1.0.9.
CVE-2025-48140	2 Metalpriceapi, Wordpress	2 Metalpriceapi, Wordpress	2026-04-01	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection.This issue affects MetalpriceAPI: from n/a through <= 1.1.4.
CVE-2025-48123	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-01	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code Injection.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37.
CVE-2025-48121	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget wp-notes-widget allows DOM-Based XSS.This issue affects WP Notes Widget: from n/a through <= 1.0.6.
CVE-2025-48116	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 2.4.4.
CVE-2025-48115	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify validar-certificados-de-cursos allows Cross Site Request Forgery.This issue affects ValidateCertify: from n/a through <= 1.6.4.
CVE-2025-48114	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: from n/a through <= 1.9.1.
CVE-2025-48109	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS.This issue affects XM-Backup: from n/a through <= 0.9.1.
CVE-2025-48107	2 Undsgn, Wordpress	2 Uncode, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through < 2.9.4.4.
CVE-2025-48105	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Boiardt Easy Flash Embed easy-flash-embed allows Stored XSS.This issue affects Easy Flash Embed: from n/a through <= 1.0.
CVE-2025-48104	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player floating-window-music-player allows Stored XSS.This issue affects Floating Window Music Player: from n/a through <= 3.4.2.
CVE-2025-48103	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mulscully Today's Date Inserter todays-date-inserter allows Stored XSS.This issue affects Today's Date Inserter: from n/a through <= 1.2.1.
CVE-2025-48088	2 Brainstormforce, Wordpress	2 Ultimate Addons For Wpbakery Page Builder, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm_Force Ultimate Addons for WPBakery Page Builder ultimate_vc_addons allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through < 3.21.1.
CVE-2025-47696	2 Solwin, Wordpress	2 Blog Designer Pro, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through <= 3.4.7.
CVE-2025-47695	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through <= 3.4.7.
CVE-2025-47694	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through <= 3.4.7.
CVE-2025-47689	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Reflected XSS.This issue affects Video Blogster Lite: from n/a through <= 1.2.
CVE-2025-47685	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout contribuinte-checkout allows Stored XSS.This issue affects Contribuinte Checkout: from n/a through <= 2.0.03.

« first previous Page 68 of 571. next last »