Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8268 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67574	2 Wordpress, Wpdevart	2 Wordpress, Booking Calendar	2025-12-10	5.3 Medium
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.30.
CVE-2025-67538	2 Jnews, Wordpress	2 Jnews, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews Gallery jnews-gallery allows Stored XSS.This issue affects JNews Gallery: from n/a through < 12.0.1.
CVE-2025-67528	1 Wordpress	1 Wordpress	2025-12-10	5.1 Medium
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12.
CVE-2025-67566	2 Wofficeio, Wordpress	2 Woffice Core, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.
CVE-2025-67565	2 Sizam Design, Wordpress	2 Rehub, Wordpress	2025-12-10	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1.
CVE-2025-67567	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11.
CVE-2025-67562	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through < 20.0.
CVE-2025-67536	2 Thimpress, Wordpress	2 Learnpress, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through <= 4.2.9.4.
CVE-2025-67539	2 Select-themes, Wordpress	2 Stockholm Core, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through < 2.6.
CVE-2025-63045	2 Averta, Wordpress	2 Master Slider Pro, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through <= 3.7.12.
CVE-2025-67591	2 Jnews, Wordpress	2 Jnews, Wordpress	2025-12-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1.
CVE-2025-63046	2 Cridio, Wordpress	2 Listingpro, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-63044	3 Elementor, Wordpress, Xpro	3 Elementor, Wordpress, Xpro Elementor Addons	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.
CVE-2025-67575	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1.
CVE-2025-63047	2 Cridio, Wordpress	2 Listingpro, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-63054	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.
CVE-2025-63030	1 Wordpress	1 Wordpress	2025-12-10	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.0.
CVE-2025-67579	2 Vanquish, Wordpress	2 User Extra Fields, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.
CVE-2025-63009	2 Wordpress, Yuvalo	2 Wordpress, Wp Google Analytics Events	2025-12-10	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through <= 2.8.2.
CVE-2025-67592	2 Joedolson, Wordpress	2 My-calendar, Wordpress	2025-12-10	4.3 Medium
Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Calendar: from n/a through <= 3.6.16.

« first previous Page 38 of 414. next last »