Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11910 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-29126	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Mortellaro Specific Content For Mobile – Customize the mobile version without redirections allows Reflected XSS.This issue affects Specific Content For Mobile – Customize the mobile version without redirections: from n/a through 0.1.9.5.
CVE-2025-64189	2 8theme, Wordpress	2 Xstore Core, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS.This issue affects XStore Core: from n/a through < 5.6.
CVE-2025-64197	2 Sizam Design, Wordpress	2 Rehub, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1.
CVE-2025-64209	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2026-04-15	7.5 High
Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122.
CVE-2025-64220	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.
CVE-2025-64223	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign PenNews pennews allows PHP Local File Inclusion.This issue affects PenNews: from n/a through < 6.7.3.
CVE-2025-64226	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery.This issue affects Stockie Extra: from n/a through <= 1.2.11.
CVE-2025-64227	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7.
CVE-2025-64234	2 Evergreencontentposter, Wordpress	2 Evergreen Content Poster, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Evergreen Content Poster: from n/a through <= 1.4.5.
CVE-2025-64246	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49.
CVE-2025-64260	2 Marcomilesi, Wordpress	2 Anac Xml Bandi Di Gara, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Milesi ANAC XML Bandi di Gara avcp allows Reflected XSS.This issue affects ANAC XML Bandi di Gara: from n/a through <= 7.7.
CVE-2025-64267	3 Woocommerce, Wordpress, Wpswings	3 Woocommerce, Wordpress, Ultimate Points And Rewards	2026-04-15	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through <= 2.10.2.
CVE-2025-64274	2 Wordpress, Wpkoi	2 Wordpress, Wpkoi Templates For Elementor	2026-04-15	4.3 Medium
Missing Authorization vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPKoi Templates for Elementor: from n/a through <= 3.4.4.
CVE-2025-64285	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Wholesale Pricing For Woocommerce, Woocommerce and 1 more	2026-04-15	5.4 Medium
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
CVE-2025-64291	2 Premmerce, Wordpress	2 User Roles, Wordpress	2026-04-15	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
CVE-2025-64358	3 Webtoffee, Woocommerce, Wordpress	3 Smart Coupons For Woocommerce, Woocommerce, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through <= 2.2.3.
CVE-2025-64365	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through <= 3.6.0.
CVE-2025-64374	2 Stylemixthemes, Wordpress	2 Motors - Car Dealer, Classifieds & Listing, Wordpress	2026-04-15	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through <= 5.6.81.
CVE-2025-6440	2 Jma Plugins, Wordpress	2 Woocommerce Designer Pro, Wordpress	2026-04-15	9.8 Critical
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2025-59567	2 Relywp, Wordpress	2 Coupon Affiliates, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Affiliates: from n/a through <= 6.8.0.

« first previous Page 214 of 596. next last »