Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 5145 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-23507	2 Blrt, Wordpress	2 Blrt Wp Embed, Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blrt Blrt WP Embed allows Reflected XSS. This issue affects Blrt WP Embed: from n/a through 1.6.9.
CVE-2025-23629	2 Subhasis Laha, Wordpress	2 Gallerio, Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasis Laha Gallerio allows Reflected XSS. This issue affects Gallerio: from n/a through 1.0.1.
CVE-2025-23765	2 W3speedster, Wordpress	2 W3speedster, Wordpress	2025-07-12	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through 7.33.
CVE-2025-23987	2 Codegearthemes, Wordpress	2 Designer, Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodegearThemes Designer allows DOM-Based XSS. This issue affects Designer: from n/a through 1.6.0.
CVE-2025-24588	2 Patreon, Wordpress	2 Patreon Wordpress, Wordpress	2025-07-12	6.5 Medium
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.
CVE-2025-24615	2 Fatcatapps, Wordpress	2 Analytics Cat, Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat allows Reflected XSS. This issue affects Analytics Cat: from n/a through 1.1.2.
CVE-2025-24621	2 Tychesoftwares, Wordpress	2 Arconix Shortcodes, Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.15.
CVE-2025-24626	2 Codepeople, Wordpress	2 Music Store, Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19.
CVE-2025-24672	2 Codepeople, Wordpress	2 Form Builder Cp, Wordpress	2025-07-12	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41.
CVE-2025-24689	2 Codection, Wordpress	2 Import And Export Users And Customers, Wordpress	2025-07-12	5.9 Medium
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12.
CVE-2025-24695	2 Hasthemes, Wordpress	2 Extensions For Cf7, Wordpress	2025-07-12	4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through 3.2.0.
CVE-2025-24699	2 Wordpress, Wow-company	2 Wordpress, Wp Coder	2025-07-12	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.
CVE-2025-24706	2 Multivendorx, Wordpress	2 Wc Marketplace, Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Stored XSS. This issue affects WC Marketplace: from n/a through 4.2.13.
CVE-2025-24716	2 Wordpress, Wow-company	2 Wordpress, Herd Effects	2025-07-12	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.
CVE-2025-24720	2 Wordpress, Wow-company	2 Wordpress, Sticky Buttons	2025-07-12	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1.
CVE-2025-24734	2 Codesolz, Wordpress	2 Better Find And Replace, Wordpress	2025-07-12	8.8 High
Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.
CVE-2025-24740	2 Thimpress, Wordpress	2 Learnpress, Wordpress	2025-07-12	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1.
CVE-2025-24751	2 Godaddy, Wordpress	2 Coblocks, Wordpress	2025-07-12	4.3 Medium
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.
CVE-2025-24752	2 Wordpress, Wpdeveloper	2 Wordpress, Essential Addons For Elementor	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Reflected XSS. This issue affects Essential Addons for Elementor: from n/a through 6.0.14.
CVE-2025-26742	2 Ghozylab, Wordpress	2 Gallery For Social Photo, Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35.

« first previous Page 196 of 258. next last »