Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 4967 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-48167	1 Wordpress	1 Wordpress	2025-07-21	5.4 Medium
Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through 1.2.5.
CVE-2025-54010	1 Wordpress	1 Wordpress	2025-07-21	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a through 10.50.
CVE-2025-53991	1 Wordpress	1 Wordpress	2025-07-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTricks allows Stored XSS. This issue affects JetTricks: from n/a through 1.5.4.1.
CVE-2025-5845	1 Wordpress	1 Wordpress	2025-07-21	6.4 Medium
The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘numColumns’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-48155	1 Wordpress	1 Wordpress	2025-07-21	5.3 Medium
Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9.
CVE-2025-54037	2 Blazethemes, Wordpress	2 News Kit Elementor Addons, Wordpress	2025-07-21	5.4 Medium
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4.
CVE-2025-48161	2 Wordpress, Yaycommerce	2 Wordpress, Yaysmtp	2025-07-21	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP allows SQL Injection. This issue affects YaySMTP: from n/a through 1.3.
CVE-2025-53997	2 Favethemes, Wordpress	2 Houzez, Wordpress	2025-07-21	4.3 Medium
Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through 4.0.4.
CVE-2025-48156	1 Wordpress	1 Wordpress	2025-07-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall allows Stored XSS. This issue affects Image Wall: from n/a through 3.1.
CVE-2025-54009	1 Wordpress	1 Wordpress	2025-07-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters allows Stored XSS. This issue affects JetSmartFilters: from n/a through 3.6.8.
CVE-2025-5843	1 Wordpress	1 Wordpress	2025-07-21	6.4 Medium
The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-54018	2 Creativemindssolutions, Wordpress	2 Cm Pop-up Banners, Wordpress	2025-07-21	4.3 Medium
Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Pop-Up banners: from n/a through 1.8.4.
CVE-2025-54039	1 Wordpress	1 Wordpress	2025-07-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator allows Cross Site Request Forgery. This issue affects Animator: from n/a through 3.0.16.
CVE-2025-54026	1 Wordpress	1 Wordpress	2025-07-21	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes allows SQL Injection. This issue affects GymBase Theme Classes: from n/a through 1.4.
CVE-2025-48153	1 Wordpress	1 Wordpress	2025-07-21	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS. This issue affects Import CDN-Remote Images: from n/a through 2.1.2.
CVE-2025-53995	1 Wordpress	1 Wordpress	2025-07-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetPopup allows Stored XSS. This issue affects JetPopup: from n/a through 2.0.15.1.
CVE-2025-53982	2 Crocoblock, Wordpress	2 Jetelements For Elementor, Wordpress	2025-07-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.7.
CVE-2025-54051	1 Wordpress	1 Wordpress	2025-07-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LightBox Block allows Stored XSS. This issue affects LightBox Block: from n/a through 1.1.30.
CVE-2025-48166	1 Wordpress	1 Wordpress	2025-07-21	5.3 Medium
Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48.
CVE-2025-49884	1 Wordpress	1 Wordpress	2025-07-21	6.5 Medium
Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Linking of Related Contents: from n/a through 1.1.8.

« first previous Page 18 of 249. next last »