Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 10915 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32338	2 Rarathemes, Wordpress	2 Construction Landing Page, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1.
CVE-2026-32487	2 Rarathemes, Wordpress	2 Lawyer Landing Page, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.
CVE-2026-32332	2 Ays-pro, Wordpress	2 Easy Form, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9.
CVE-2026-32341	2 Rarathemes, Wordpress	2 Benevolent, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through <= 1.3.9.
CVE-2026-32380	2 Raratheme, Wordpress	2 Numinous, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through <= 1.3.0.
CVE-2026-32410	2 Woobewoo, Wordpress	2 Wbw Currency Switcher For Woocommerce, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.
CVE-2026-32454	2 Theme-fusion, Wordpress	2 Avada, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0.
CVE-2026-32363	2 Funlus Oy, Wordpress	2 Wplifecycle, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through <= 3.3.1.
CVE-2026-32388	2 Linethemes, Wordpress	2 Glb, Wordpress	2026-03-16	5.4 Medium
Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.
CVE-2026-4063	2 Wordpress, Wpzoom	2 Wordpress, Social Icons Widget & Block – Social Media Icons & Share Buttons	2026-03-16	4.3 Medium
The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter.
CVE-2026-32449	2 Themifyme, Wordpress	2 Themify Event Post, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4.
CVE-2026-32403	2 Toocheke, Wordpress	2 Toocheke Companion, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194.
CVE-2026-32448	2 Eric Teubert, Wordpress	2 Podlove Podcast Publisher, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.
CVE-2026-32451	2 Themefusion, Wordpress	2 Fusion Builder, Wordpress	2026-03-16	6.3 Medium
Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.
CVE-2026-32443	2 Josh Kohlbach, Wordpress	2 Product Feed Pro For Woocommerce, Wordpress	2026-03-16	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.
CVE-2026-32336	2 Rarathemes, Wordpress	2 Rara Business, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through <= 1.3.0.
CVE-2026-32455	2 Realmag777, Wordpress	2 Mdtf, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5.
CVE-2026-32350	2 Wordpress, Wpradiant	2 Wordpress, Chocolate House	2026-03-16	5.3 Medium
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through <= 1.1.5.
CVE-2026-32352	2 Elementor, Wordpress	2 Elementor Website Builder, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
CVE-2026-32377	2 Raratheme, Wordpress	2 Pranayama Yoga, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2.

« first previous Page 6 of 546. next last »