Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7258 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-48293	1 Wordpress	1 Wordpress	2025-08-14	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. This issue affects Geo Mashup: from n/a through 1.13.16.
CVE-2025-47689	1 Wordpress	1 Wordpress	2025-08-14	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS. This issue affects Video Blogster Lite: from n/a through 1.2.
CVE-2025-3703	2 Wipeoutmedia, Wordpress	2 Css & Javascript Toolbox, Wordpress	2025-08-14	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. This issue affects CSS & JavaScript Toolbox: from n/a through n/a.
CVE-2025-54671	2 Bobbingwide, Wordpress	2 Oik, Wordpress	2025-08-14	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2.
CVE-2025-54676	2 Vcita, Wordpress	2 Online Booking & Scheduling Calendar For Wordpress By Vcita, Wordpress	2025-08-14	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3.
CVE-2025-54678	1 Wordpress	1 Wordpress	2025-08-14	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through 3.8.15.
CVE-2025-54680	1 Wordpress	1 Wordpress	2025-08-14	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Blogger Buzz allows Stored XSS. This issue affects Blogger Buzz: from n/a through 1.2.6.
CVE-2025-54681	1 Wordpress	1 Wordpress	2025-08-14	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4.
CVE-2025-54682	1 Wordpress	1 Wordpress	2025-08-14	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4.
CVE-2025-54683	1 Wordpress	1 Wordpress	2025-08-14	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This issue affects WP Modal Popup with Cookie Integration: from n/a through 2.4.
CVE-2025-54694	2 Bplugins, Wordpress	2 Button Block, Wordpress	2025-08-14	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0.
CVE-2025-54695	1 Wordpress	1 Wordpress	2025-08-14	5.4 Medium
Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.
CVE-2025-7808	1 Wordpress	1 Wordpress	2025-08-14	6.1 Medium
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2025-54705	1 Wordpress	1 Wordpress	2025-08-14	4.3 Medium
Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.4.6.
CVE-2025-47479	2 Wordpress, Wpcompress	2 Wordpress, Wp Compress	2025-08-14	5.3 Medium
Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30.
CVE-2025-54706	1 Wordpress	1 Wordpress	2025-08-14	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52.
CVE-2025-54707	1 Wordpress	1 Wordpress	2025-08-14	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a through 1.3.3.7.
CVE-2025-25172	2 Beeteam368, Wordpress	2 Vidmov, Wordpress	2025-08-14	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through 1.9.4.
CVE-2025-54698	2 Radiustheme, Wordpress	2 Classified Listing, Wordpress	2025-08-14	5.4 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0.
CVE-2025-54700	1 Wordpress	1 Wordpress	2025-08-14	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through 1.8.4.

« first previous Page 121 of 363. next last »