Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 10915 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32359	2 Bplugins, Wordpress	2 Icon List Block, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: from n/a through <= 1.2.3.
CVE-2026-32360	2 Richplugins, Wordpress	2 Rich Showcase For Google Reviews, Wordpress	2026-03-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.
CVE-2026-32396	2 Radiustheme, Wordpress	2 Team, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.
CVE-2026-32355	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2026-03-16	8.8 High
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.
CVE-2026-32408	2 Themefusecom, Wordpress	2 Brizy, Wordpress	2026-03-16	4.3 Medium
Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23.
CVE-2026-32377	2 Raratheme, Wordpress	2 Pranayama Yoga, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2.
CVE-2026-32458	2 Realmag777, Wordpress	2 Wolf, Wordpress	2026-03-16	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.
CVE-2026-32330	2 10web, Wordpress	2 Photo Gallery, Wordpress	2026-03-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.
CVE-2026-32437	2 Vowelweb, Wordpress	2 Vw Portfolio, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= 1.3.3.
CVE-2026-32447	2 Vito Peleg, Wordpress	2 Atarim, Wordpress	2026-03-16	4.3 Medium
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.
CVE-2026-3891	2 Linknacional, Wordpress	2 Pix For Woocommerce, Wordpress	2026-03-16	9.8 Critical
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2026-32450	2 Realmag777, Wordpress	2 Active Products Tables For Woocommerce, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through <= 1.0.7.
CVE-2026-32332	2 Ays-pro, Wordpress	2 Easy Form, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9.
CVE-2026-32345	2 Rarathemes, Wordpress	2 Perfect Portfolio, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from n/a through <= 1.2.4.
CVE-2026-32383	2 Raratheme, Wordpress	2 Ridhi, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2.
CVE-2026-32363	2 Funlus Oy, Wordpress	2 Wplifecycle, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through <= 3.3.1.
CVE-2026-32387	2 Noorsplugin, Wordpress	2 Checkout For Paypal, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.
CVE-2026-32388	2 Linethemes, Wordpress	2 Glb, Wordpress	2026-03-16	5.4 Medium
Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.
CVE-2026-32374	2 Raratheme, Wordpress	2 The Minimal, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9.
CVE-2026-32347	2 Rarathemes, Wordpress	2 Restaurant And Cafe, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe: from n/a through <= 1.2.5.

« first previous Page 5 of 546. next last »