Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11882 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-22740	2 Automattic, Wordpress	2 Sensei Lms, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through <= 4.24.4.
CVE-2025-22739	2 Thimpress, Wordpress	2 Learnpress, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.7.5.
CVE-2025-22738	3 Technowich, Wordpress, Wpulike	3 Wp Ulike, Wordpress, Wp Ulike	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alimir WP ULike wp-ulike allows Stored XSS.This issue affects WP ULike: from n/a through <= 4.7.6.
CVE-2025-22736	2 Wordpress, Wpexperts	2 Wordpress, User Management	2026-04-23	8.8 High
Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2.
CVE-2025-22730	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through <= 1.1.2.
CVE-2025-22722	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.8.
CVE-2025-22705	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts disqus-popular-posts allows Reflected XSS.This issue affects Disqus Popular Posts: from n/a through <= 2.1.1.
CVE-2025-22700	1 Wordpress	1 Wordpress	2026-04-23	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through < 3.1.3.
CVE-2025-22699	1 Wordpress	1 Wordpress	2026-04-23	9 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through < 3.1.2.
CVE-2025-22689	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Levan Tarbor Forex Calculators fx-calculators allows Stored XSS.This issue affects Forex Calculators: from n/a through <= 1.3.6.
CVE-2025-22688	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars unlimited-page-sidebars allows Stored XSS.This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6.
CVE-2025-22687	2 Asmedia, Wordpress	2 Tuaug4, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asmedia Tuaug4 tuaug4 allows Reflected XSS.This issue affects Tuaug4: from n/a through <= 1.4.
CVE-2025-22685	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in CheGevara29 Tags to Keywords tags-to-meta-keywords allows Stored XSS.This issue affects Tags to Keywords: from n/a through <= 1.0.1.
CVE-2025-22684	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS.This issue affects WP BASE Booking: from n/a through <= 5.0.0.
CVE-2025-22682	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Reflected XSS.This issue affects Hesabfa Accounting: from n/a through <= 2.1.2.
CVE-2025-22680	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro ad-inserter-pro allows Reflected XSS.This issue affects Ad Inserter Pro: from n/a through <= 2.7.39.
CVE-2025-22673	2 Wordpress, Wpfactory	2 Wordpress, Ean For Woocommerce	2026-04-23	4.3 Medium
Missing Authorization vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through <= 5.3.5.
CVE-2025-22665	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad unusedcss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through <= 2.4.4.
CVE-2025-22658	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Listings for Appfolio Listings for Appfolio listings-for-appfolio allows Stored XSS.This issue affects Listings for Appfolio: from n/a through <= 1.2.0.
CVE-2025-22656	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Oscar Alvarez Cookie Monster cookie-monster allows PHP Local File Inclusion.This issue affects Cookie Monster: from n/a through <= 1.2.2.

« first previous Page 215 of 595. next last »