Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8912 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-47553	2 Digitalzoomstudio, Wordpress	2 Video Gallery, Wordpress	2026-01-07	8.8 High
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.25.
CVE-2025-39477	2 Sfwebservice, Wordpress	2 Injob, Wordpress	2026-01-07	9.8 Critical
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.
CVE-2025-69355	2 Tickera, Wordpress	2 Tickera, Wordpress	2026-01-07	N/A
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.4.
CVE-2025-69083	2 Elated-themes, Wordpress	2 Frappé, Wordpress	2026-01-07	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion.This issue affects Frappé: from n/a through 1.8.
CVE-2025-69341	1 Wordpress	1 Wordpress	2026-01-07	5.4 Medium
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3.
CVE-2025-69345	2 Boldgrid, Wordpress	2 Post And Page Builder, Wordpress	2026-01-07	5.4 Medium
Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.9.
CVE-2025-69364	2 Cloudways, Wordpress	2 Breeze, Wordpress	2026-01-07	N/A
Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21.
CVE-2025-69352	2 Stellarwp, Wordpress	2 The Events Calendar, Wordpress	2026-01-07	5.4 Medium
Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.15.12.2.
CVE-2025-69331	2 Jeroen Schmit, Wordpress	2 Theater For Wordpress, Wordpress	2026-01-07	4.3 Medium
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.19.
CVE-2025-69363	2 Cyberchimps, Wordpress	2 Responsive Addons For Elementor, Wordpress	2026-01-07	N/A
Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.
CVE-2025-69350	2 Themepoints, Wordpress	2 Accordion, Wordpress	2026-01-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion accordions-wp allows Stored XSS.This issue affects Accordion: from n/a through <= 3.0.3.
CVE-2025-69362	1 Wordpress	1 Wordpress	2026-01-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS.This issue affects UiChemy: from n/a through <= 4.4.2.
CVE-2025-69348	2 Coolhappy, Wordpress	2 The Events Calendar Countdown Addon, Wordpress	2026-01-07	5.4 Medium
Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar Countdown Addon: from n/a through <= 1.4.15.
CVE-2025-69361	2 Publishpress, Wordpress	2 Post Expirator, Wordpress	2026-01-07	N/A
Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3.
CVE-2025-69353	1 Wordpress	1 Wordpress	2026-01-07	5.4 Medium
Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.3.
CVE-2025-69084	2 Gt3themes, Wordpress	2 Photo Gallery, Wordpress	2026-01-07	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 themes Photo Gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through 2.7.7.26.
CVE-2025-69085	1 Wordpress	1 Wordpress	2026-01-07	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank allows Reflected XSS.This issue affects JobBank: from n/a through 1.2.2.
CVE-2025-69349	2 Fahadmahmood, Wordpress	2 Rss Feed Widget, Wordpress	2026-01-07	5.4 Medium
Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2.
CVE-2025-32304	1 Wordpress	1 Wordpress	2026-01-07	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2025-69342	1 Wordpress	1 Wordpress	2026-01-07	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Calafate calafate allows PHP Local File Inclusion.This issue affects Calafate: from n/a through <= 1.7.7.

« first previous Page 7 of 446. next last »