Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 5054 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-51818	1 Wordpress	1 Wordpress	2025-01-21	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.
CVE-2025-23922	1 Wordpress	1 Wordpress	2025-01-17	10 Critical
Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0.
CVE-2022-47161	1 Wordpress	1 Health Check \& Troubleshooting	2025-01-08	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.
CVE-2022-47174	1 Wordpress	1 Performance Lab	2025-01-08	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.
CVE-2024-12849	1 Wordpress	1 Wordpress	2025-01-07	7.5 High
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2022-46796	2 Villatheme, Wordpress	2 Curcy, Wordpress	2024-12-23	6.5 Medium
Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.
CVE-2023-41873	2 Miniorange, Wordpress	2 Saml Sp Single Sign On, Wordpress	2024-12-16	4.3 Medium
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4.
CVE-2024-9698	1 Wordpress	1 Wordpress	2024-12-16	7.2 High
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2023-41952	1 Wordpress	1 Wordpress	2024-12-16	5.3 Medium
Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8.
CVE-2022-44578	2 Pierre-jehan, Wordpress	2 Owl Carousel, Wordpress	2024-12-13	5.3 Medium
Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3.
CVE-2023-28990	1 Wordpress	1 Wordpress	2024-12-13	4.3 Medium
Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through 1.0.9.
CVE-2023-32599	1 Wordpress	1 Wordpress	2024-12-13	4.3 Medium
Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects reCAPTCHA for all: from n/a through 1.22.
CVE-2022-46846	1 Wordpress	1 Wordpress	2024-12-13	5.3 Medium
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trending/Popular Post Slider and Widget: from n/a through 1.5.7.
CVE-2022-46840	1 Wordpress	1 Wordpress	2024-12-13	5.4 Medium
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2022-46838	1 Wordpress	1 Wordpress	2024-12-13	9.1 Critical
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2023-36518	1 Wordpress	1 Wordpress	2024-12-13	4.3 Medium
Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Hit Counter: from n/a through 1.3.2.
CVE-2023-36519	1 Wordpress	1 Wordpress	2024-12-13	5.4 Medium
Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SW Product Bundles: from n/a through 2.0.15.
CVE-2023-36528	1 Wordpress	1 Wordpress	2024-12-13	5.3 Medium
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3.
CVE-2023-40001	1 Wordpress	1 Wordpress	2024-12-13	4.3 Medium
Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13.
CVE-2023-32507	2 Wordpress, Wp3sixty	2 Wordpress, Woo Custom Emails	2024-12-13	7.3 High
Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Custom Emails: from n/a through 2.2.

« first previous Page 221 of 253. next last »