Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8467 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-6797	2 Dyadyalesha, Wordpress	2 Dl Robots.txt, Wordpress	2026-01-02	4.8 Medium
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-6230	2 Wordpress, Wp-master	2 Wordpress, Pardakht-delkhah	2026-01-02	6.5 Medium
The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack
CVE-2024-31211	1 Wordpress	1 Wordpress	2026-01-02	5.5 Medium
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
CVE-2023-23985	2 Ays-pro, Wordpress	2 Quiz Maker, Wordpress	2025-12-31	3.7 Low
Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.
CVE-2025-60089	3 Crm Perks, Crmperks, Wordpress	3 Wp Gravity Forms Freshdesk Plugin, Wp Gravity Forms Freshdesk Plugin, Wordpress	2025-12-31	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.
CVE-2025-60090	3 Crm Perks, Crmperks, Wordpress	3 Wp Gravity Forms Insightly, Wp Gravity Forms Insightly, Wordpress	2025-12-31	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6.
CVE-2025-60091	3 Crm Perks, Crmperks, Wordpress	3 Wp Gravity Forms Zoho Crm And Bigin, Wp Gravity Forms Zoho Crm And Bigin, Wordpress	2025-12-31	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9.
CVE-2025-60174	3 Crm Perks, Crmperks, Wordpress	3 Wp Gravity Forms Constant Contact Plugin, Wp Gravity Forms Constant Contact Plugin, Wordpress	2025-12-31	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2.
CVE-2025-60178	3 Crm Perks, Crmperks, Wordpress	3 Wp Gravity Forms Hubspot, Wp Gravity Forms Hubspot, Wordpress	2025-12-31	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6.
CVE-2025-60180	3 Crm Perks, Crmperks, Wordpress	3 Wp Gravity Forms Hubspot, Wp Gravity Forms Salesforce, Wordpress	2025-12-31	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.5.1.
CVE-2025-68868	1 Wordpress	1 Wordpress	2025-12-31	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeaffairs Wp Text Slider Widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through 1.0.
CVE-2025-68893	2 Hetworks, Wordpress	2 Wordpress Image Shrinker, Wordpress	2025-12-31	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0.
CVE-2025-68876	1 Wordpress	1 Wordpress	2025-12-31	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through 1.0.8.
CVE-2025-68877	1 Wordpress	1 Wordpress	2025-12-31	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integration for Good Market allows PHP Local File Inclusion.This issue affects CedCommerce Integration for Good Market: from n/a through 1.0.6.
CVE-2025-68879	1 Wordpress	1 Wordpress	2025-12-31	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Councilsoft Content Grid Slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through 1.5.
CVE-2025-68861	2 Plugin Optimizer, Wordpress	2 Plugin Optimizer, Wordpress	2025-12-31	7.1 High
Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7.
CVE-2025-68870	1 Wordpress	1 Wordpress	2025-12-31	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through 1.0.0.
CVE-2025-68878	1 Wordpress	1 Wordpress	2025-12-31	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through 1.1.0.
CVE-2025-68897	1 Wordpress	1 Wordpress	2025-12-31	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2.
CVE-2025-68494	2 Leap13, Wordpress	2 Premium Addons For Elementor, Wordpress	2025-12-31	7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.

Page 1 of 424. next last »