Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7232 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62986	1 Wordpress	1 Wordpress	2025-11-13	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge signup fanbridge-signup allows Stored XSS.This issue affects FanBridge signup: from n/a through <= 0.6.
CVE-2025-62985	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in llamaman Simple Pull Quote simple-pull-quote allows Stored XSS.This issue affects Simple Pull Quote: from n/a through <= 1.6.3.
CVE-2025-62983	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a through <= 3.2.1.
CVE-2025-62980	1 Wordpress	1 Wordpress	2025-11-13	8.8 High
Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03.
CVE-2025-62979	1 Wordpress	1 Wordpress	2025-11-13	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.
CVE-2025-62978	1 Wordpress	1 Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through <= 1.8.5.
CVE-2025-62977	1 Wordpress	1 Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in 沃之涛百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from n/a through <= 2.1.3.
CVE-2025-62976	2 Joovii, Wordpress	2 Sendle Shipping, Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sendle Shipping: from n/a through <= 6.02.
CVE-2025-62975	1 Wordpress	1 Wordpress	2025-11-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site Request Forgery.This issue affects Raychat: from n/a through <= 2.2.1.
CVE-2025-62974	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Stored XSS.This issue affects Headline Analyzer: from n/a through <= 1.3.7.
CVE-2025-62973	2 Themekraft, Wordpress	2 Buddyforms, Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.
CVE-2025-62972	2 Webinarpress, Wordpress	2 Webinarpress, Wordpress	2025-11-13	4.3 Medium
Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarPress: from n/a through <= 1.33.28.
CVE-2025-62971	1 Wordpress	1 Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrestaProject Attesa Extra attesa-extra allows Stored XSS.This issue affects Attesa Extra: from n/a through <= 1.4.5.
CVE-2025-62970	2 Spencer Haws, Wordpress	2 Link Whisper Free, Wordpress	2025-11-13	5.3 Medium
Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through <= 0.8.8.
CVE-2025-62969	2 Wordpress, Xlplugins	2 Wordpress, Nextmove	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0.
CVE-2025-62968	2 Sayandatta, Wordpress	2 Wp Last Modified Info, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Stored XSS.This issue affects WP Last Modified Info: from n/a through <= 1.9.2.
CVE-2025-62967	2 Designinvento, Wordpress	2 Directorypress, Wordpress	2025-11-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designinvento DirectoryPress directorypress allows DOM-Based XSS.This issue affects DirectoryPress: from n/a through <= 3.6.25.
CVE-2025-62966	1 Wordpress	1 Wordpress	2025-11-13	5.4 Medium
Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.
CVE-2025-62965	2 Admin Management Xtended Project, Wordpress	2 Admin Management Xtended, Wordpress	2025-11-13	7.2 High
Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1.
CVE-2025-62964	1 Wordpress	1 Wordpress	2025-11-13	8.1 High
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.4.

« first previous Page 13 of 362. next last »