Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 5539 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53348	2 Laborator, Wordpress	2 Kalium, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a through 3.18.3.
CVE-2025-58981	1 Wordpress	1 Wordpress	2025-09-11	5.4 Medium
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
CVE-2025-58980	2 Myrecorp, Wordpress	2 Export Wp Page To Static Html/css, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0.
CVE-2025-58991	3 Cristiano Zanca, Woocommerce, Wordpress	3 Woocommerce Booking Bundle Hours, Woocommerce, Wordpress	2025-09-11	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.
CVE-2025-59005	2 Frenify, Wordpress	2 Categorify, Wordpress	2025-09-11	4.3 Medium
Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.
CVE-2025-58990	1 Wordpress	1 Wordpress	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTech ShopLentor allows Stored XSS. This issue affects ShopLentor: from n/a through 3.2.0.
CVE-2025-58988	1 Wordpress	1 Wordpress	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Dolson My Tickets allows Stored XSS. This issue affects My Tickets: from n/a through 2.0.22.
CVE-2025-58989	1 Wordpress	1 Wordpress	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Dynamic Text Field For Contact Form 7 allows Stored XSS. This issue affects Dynamic Text Field For Contact Form 7: from n/a through 1.0.
CVE-2025-58976	1 Wordpress	1 Wordpress	2025-09-11	4.3 Medium
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
CVE-2025-54709	1 Wordpress	1 Wordpress	2025-09-11	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6.
CVE-2025-58977	2 Winwar, Wordpress	2 Wp Ebay Product Feeds, Wordpress	2025-09-11	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8.
CVE-2025-58215	1 Wordpress	1 Wordpress	2025-09-11	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from n/a through n/a.
CVE-2025-58979	2 Berqier, Wordpress	2 Berqwp, Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53.
CVE-2025-58983	1 Wordpress	1 Wordpress	2025-09-11	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2.
CVE-2025-58982	2 Pixeline, Wordpress	2 Email Protector, Wordpress	2025-09-11	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector allows Stored XSS. This issue affects Pixeline's Email Protector: from n/a through 1.3.8.
CVE-2025-58984	2 Welcart, Wordpress	2 E-commerce, Wordpress	2025-09-11	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.20.
CVE-2025-58987	2 Antoineh, Wordpress	2 Football Pool, Wordpress	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.6.
CVE-2025-58985	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Additional Custom Product Tabs For Woocommerce	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.3.
CVE-2025-58978	2 Wordpress, Wpswings	2 Wordpress, Pdf Generator For Wordpress	2025-09-11	5.3 Medium
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.
CVE-2025-58997	1 Wordpress	1 Wordpress	2025-09-11	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.

« first previous Page 6 of 277. next last »