Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 6774 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62052	2 Horea Radu, Wordpress	2 One Page Express Companion, Wordpress	2025-10-23	4.3 Medium
Missing Authorization vulnerability in Horea Radu One Page Express Companion one-page-express-companion.This issue affects One Page Express Companion: from n/a through <= 1.6.43.
CVE-2025-62042	1 Wordpress	1 Wordpress	2025-10-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post.This issue affects Event post: from n/a through <= 5.10.3.
CVE-2025-62024	2 Jonathanjernigan, Wordpress	2 Pie Calendar, Wordpress	2025-10-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar pie-calendar.This issue affects Pie Calendar: from n/a through <= 1.2.9.
CVE-2025-62020	2 Infomaniak, Wordpress	2 Vod Infomaniak, Wordpress	2025-10-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through <= 1.5.11.
CVE-2025-60246	1 Wordpress	1 Wordpress	2025-10-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through <= 1.0.
CVE-2025-60224	1 Wordpress	1 Wordpress	2025-10-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9.
CVE-2025-60222	3 Fantasticplugins, Woocommerce, Wordpress	3 Sumo Memberships For Woocommerce, Woocommerce, Wordpress	2025-10-23	8.8 High
Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0.
CVE-2025-60221	1 Wordpress	1 Wordpress	2025-10-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3.
CVE-2025-60220	1 Wordpress	1 Wordpress	2025-10-23	9.8 Critical
Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0.
CVE-2025-60216	1 Wordpress	1 Wordpress	2025-10-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through <= 1.4.2.
CVE-2025-60215	1 Wordpress	1 Wordpress	2025-10-23	8.8 High
Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4.
CVE-2025-60212	1 Wordpress	1 Wordpress	2025-10-23	8.8 High
Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through <= 4.2.
CVE-2025-60211	3 Extendons, Woocommerce, Wordpress	3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress	2025-10-23	8.8 High
Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3.
CVE-2025-60210	2 Wordpress, Wpeverest	2 Wordpress, Everest Forms	2025-10-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5.
CVE-2025-60209	1 Wordpress	1 Wordpress	2025-10-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.6.
CVE-2025-60208	1 Wordpress	1 Wordpress	2025-10-23	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through <= 2.0.9.
CVE-2025-60206	1 Wordpress	1 Wordpress	2025-10-23	10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through <= 7.8.3.
CVE-2025-60176	1 Wordpress	1 Wordpress	2025-10-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tattersoftware WP Tesseract wp-tesseract allows Stored XSS.This issue affects WP Tesseract: from n/a through <= 1.0.2.
CVE-2025-60168	1 Wordpress	1 Wordpress	2025-10-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through <= 1.6.
CVE-2025-60151	2 Crm Perks, Wordpress	2 Wp Gravity Forms Hubspot, Wordpress	2025-10-23	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.5.

« first previous Page 24 of 339. next last »