Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 6089 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-60181	1 Wordpress	1 Wordpress	2025-09-29	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in silence Silencesoft RSS Reader allows Server Side Request Forgery. This issue affects Silencesoft RSS Reader: from n/a through 0.6.
CVE-2025-60122	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
CVE-2025-60164	2 Newsman, Wordpress	2 Newsmanapp, Wordpress	2025-09-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp allows Stored XSS. This issue affects NewsmanApp: from n/a through 2.7.7.
CVE-2025-60169	1 Wordpress	1 Wordpress	2025-09-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technology W3SCloud Contact Form 7 to Zoho CRM allows Stored XSS. This issue affects W3SCloud Contact Form 7 to Zoho CRM: from n/a through 3.0.
CVE-2025-60185	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kontur.us kontur Admin Style allows Stored XSS. This issue affects kontur Admin Style: from n/a through 1.0.4.
CVE-2025-60130	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in wedos.com WEDOS Global allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEDOS Global: from n/a through 1.2.2.
CVE-2025-60160	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sharkthemes Smart Related Products allows Stored XSS. This issue affects Smart Related Products: from n/a through 2.0.5.
CVE-2025-60219	3 Harutheme, Woocommerce, Wordpress	3 Woocommerce Designer Pro, Woocommerce, Wordpress	2025-09-29	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme WooCommerce Designer Pro allows Upload a Web Shell to a Web Server. This issue affects WooCommerce Designer Pro: from n/a through 1.9.24.
CVE-2025-60147	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Feed allows Stored XSS. This issue affects HT Feed: from n/a through 1.3.0.
CVE-2025-60141	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thetechtribe The Tribal allows Stored XSS. This issue affects The Tribal: from n/a through 1.3.3.
CVE-2025-60144	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Lenix scss compiler allows Stored XSS. This issue affects Lenix scss compiler: from n/a through 1.2.
CVE-2025-60186	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Moss Google+ Comments allows Stored XSS. This issue affects Google+ Comments: from n/a through 1.0.
CVE-2025-60140	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal allows Retrieve Embedded Sensitive Data. This issue affects The Tribal: from n/a through 1.3.3.
CVE-2025-60153	1 Wordpress	1 Wordpress	2025-09-29	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe To Unlock allows PHP Local File Inclusion. This issue affects Subscribe To Unlock: from n/a through 1.1.5.
CVE-2025-60133	2 Dj-extensions, Wordpress	2 Pe Easy Slider, Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DJ-Extensions.com PE Easy Slider allows Stored XSS. This issue affects PE Easy Slider: from n/a through 1.1.0.
CVE-2025-60162	2 Pickplugins, Wordpress	2 Job Board Manager, Wordpress	2025-09-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows DOM-Based XSS. This issue affects Job Board Manager: from n/a through 2.1.61.
CVE-2025-60123	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
CVE-2025-60155	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in loopus WP Virtual Assistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: from n/a through 3.0.
CVE-2025-60179	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Space Studio Click & Tweet allows Stored XSS. This issue affects Click & Tweet: from n/a through 0.8.9.
CVE-2025-60117	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica Core allows Cross Site Request Forgery. This issue affects Vehica Core: from n/a through 1.0.100.

« first previous Page 10 of 305. next last »