Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8291 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-63008	2 Wedevs, Wordpress	2 Wp Erp, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.16.7.
CVE-2025-67588	2 Elementor, Wordpress	2 Website Builder, Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.
CVE-2025-67585	1 Wordpress	1 Wordpress	2025-12-10	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Phishing.This issue affects Flexmls® IDX: from n/a through <= 3.15.7.
CVE-2025-63037	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.
CVE-2025-67597	1 Wordpress	1 Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through <= 1.9.11.
CVE-2025-63050	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through <= 19.9.8.
CVE-2025-63056	2 Bestwebsoft, Wordpress	2 Contact Form, Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through <= 4.3.5.
CVE-2025-63013	2 Thimpress, Wordpress	2 Wp Hotel Booking, Wordpress	2025-12-10	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.
CVE-2025-63033	3 Elementor, Riyadh Ahmed, Wordpress	3 Elementor, Make Section And Column Clickable For Elementor, Wordpress	2025-12-10	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-elementor allows Stored XSS.This issue affects Make Section & Column Clickable For Elementor: from n/a through <= 2.3.
CVE-2025-67576	2 Quantumcloud, Wordpress	2 Simple Link Directory, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-63012	2 Thimpress, Wordpress	2 Wp Hotel Booking, Wordpress	2025-12-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.
CVE-2025-63055	3 Elementor, Liton Arefin, Wordpress	3 Elementor, Master Addons For Elementor, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.
CVE-2025-67578	2 Rhys Wynne, Wordpress	2 Wp Email Capture, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4.
CVE-2025-67587	2 Crm Perks, Wordpress	2 Wp Gravity Forms Freshdesk Plugin, Wordpress	2025-12-10	4.3 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.
CVE-2025-67593	1 Wordpress	1 Wordpress	2025-12-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48.
CVE-2025-63010	1 Wordpress	1 Wordpress	2025-12-10	4.8 Medium
Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through <= 7.4.
CVE-2025-63048	2 Cridio, Wordpress	2 Listingpro Lead Form, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.
CVE-2025-67584	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in rtCamp GoDAM godam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDAM: from n/a through <= 1.4.6.
CVE-2025-63052	2 Gallerycreator, Wordpress	2 Simply Gallery, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.2.8.
CVE-2025-67589	2 Wordpress, Wpovernight	2 Wordpress, Woocommerce Pdf Invoices\& Packing Slips	2025-12-10	4.3 Medium
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1.

« first previous Page 37 of 415. next last »