Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 13486 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-54830	2 Etoile Web Design Incorporated, Wordpress	2 Five Star Restaurant Reservations, Wordpress	2026-06-26	7.5 High
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
CVE-2026-54849	2 Premmerce, Wordpress	2 Wishlist For Woocommerce, Wordpress	2026-06-26	9.3 Critical
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
CVE-2026-56053	2 Theeventprime, Wordpress	2 Eventprime, Wordpress	2026-06-26	8.8 High
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-56071	2 Wordpress, Wpmudev	2 Wordpress, Forminator Forms	2026-06-26	7.1 High
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
CVE-2026-54848	2 Saad Iqbal, Wordpress	2 Apiexperts Square For Woocommerce, Wordpress	2026-06-26	8.3 High
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
CVE-2026-56006	2 H5p, Wordpress	2 H5p, Wordpress	2026-06-26	7.1 High
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
CVE-2026-56050	2 Themeisle, Wordpress	2 Ppom For Woocommerce, Wordpress	2026-06-26	6.5 Medium
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
CVE-2026-57619	2 Elementor, Wordpress	2 Elementor Website Builder, Wordpress	2026-06-25	6.5 Medium
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
CVE-2026-27366	2 Mainwp, Wordpress	2 Mainwp Child, Wordpress	2026-06-25	7.5 High
Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.
CVE-2026-54823	2 Marketingfire, Wordpress	2 Widget-options, Wordpress	2026-06-25	9.9 Critical
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
CVE-2026-56005	2 Melapress, Wordpress	2 Wp Activity Log, Wordpress	2026-06-25	7.1 High
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-54842	2 Royal Plugins, Wordpress	2 Royal Mcp, Wordpress	2026-06-25	8.1 High
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.
CVE-2026-56014	2 Averta, Wordpress	2 Master Slider, Wordpress	2026-06-25	7.1 High
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
CVE-2026-12079	2 Wedevs, Wordpress	2 Dokan Pro, Wordpress	2026-06-25	6.5 Medium
The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-54829	2 Jacob N. Breetvelt, Wordpress	2 Wp Photo Album Plus, Wordpress	2026-06-25	7.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
CVE-2026-56042	2 Algolplus, Wordpress	2 Advanced Order Export For Woocommerce, Wordpress	2026-06-25	7.1 High
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
CVE-2026-56049	2 Postsnippets, Wordpress	2 Post Snippets, Wordpress	2026-06-25	8.5 High
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
CVE-2026-56051	2 Tablepress, Wordpress	2 Tablepress, Wordpress	2026-06-25	7.1 High
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
CVE-2026-56054	2 Ahmad, Wordpress	2 Js Help Desk, Wordpress	2026-06-25	7.7 High
Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.
CVE-2026-54841	2 Appsbd, Wordpress	2 Vitepos, Wordpress	2026-06-25	7.5 High
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.

« first previous Page 12 of 675. next last »