Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11408 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-32626	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-32624	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in czater Czater.pl – live chat i telefon czater allows Cross Site Request Forgery.This issue affects Czater.pl – live chat i telefon: from n/a through <= 1.0.5.
CVE-2025-32622	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTP-less OTP-less one tap Sign in otpless allows Reflected XSS.This issue affects OTP-less one tap Sign in: from n/a through <= 2.0.58.
CVE-2025-32620	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in fromdoppler Doppler Forms doppler-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Doppler Forms: from n/a through <= 2.4.6.
CVE-2025-32613	2 Bowo, Wordpress	2 Debug Log Manager, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager debug-log-manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through <= 2.3.4.
CVE-2025-32610	2 Foliovision, Wordpress	2 Foliopress Wysiwyg, Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision Foliopress WYSIWYG foliopress-wysiwyg allows Cross Site Request Forgery.This issue affects Foliopress WYSIWYG: from n/a through <= 2.6.18.
CVE-2025-32606	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Buildium listings-for-buildium allows Stored XSS.This issue affects Listings for Buildium: from n/a through <= 0.1.5.
CVE-2025-32604	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Aslani AWSA Shipping awsa-shipping allows Reflected XSS.This issue affects AWSA Shipping: from n/a through <= 1.3.0.
CVE-2025-32602	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS wooms allows Reflected XSS.This issue affects WooMS: from n/a through <= 9.12.
CVE-2025-32601	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in twispay Twispay Credit Card Payments twispay allows Reflected XSS.This issue affects Twispay Credit Card Payments: from n/a through <= 2.1.2.
CVE-2025-32596	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Code Injection.This issue affects Real Estate Manager: from n/a through <= 7.3.
CVE-2025-32595	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: from n/a through < 1.5.0.
CVE-2025-32594	1 Wordpress	1 Wordpress	2026-04-01	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events simple-wp-events allows Retrieve Embedded Sensitive Data.This issue affects Simple WP Events: from n/a through <= 1.8.17.
CVE-2025-32590	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tzin111 Web2application web2application allows Reflected XSS.This issue affects Web2application: from n/a through <= 6.1.
CVE-2025-32582	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Stored XSS.This issue affects WP AutoKeyword: from n/a through <= 1.0.
CVE-2025-32579	1 Wordpress	1 Wordpress	2026-04-01	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a Web Server.This issue affects Sync Posts: from n/a through <= 1.0.
CVE-2025-32578	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapro Collins Coming Soon Countdown coming-soon-countdown allows Reflected XSS.This issue affects Coming Soon Countdown: from n/a through <= 2.2.
CVE-2025-32577	2 Hakeemnala, Wordpress	2 Build App Online, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through <= 1.0.23.
CVE-2025-32571	1 Wordpress	1 Wordpress	2026-04-01	N/A
Deserialization of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This issue affects TuriTop Booking System: from n/a through <= 1.0.10.
CVE-2025-32567	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in dev02ali Easy Post Duplicator easy-post-duplicator allows SQL Injection.This issue affects Easy Post Duplicator: from n/a through <= 1.0.1.

« first previous Page 80 of 571. next last »