Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 6958 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-59549	2 Fatcatapps, Wordpress	2 Getresponse Forms, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0.
CVE-2025-58992	2 Implecode, Wordpress	2 Product Catalog Simple, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through 1.8.2.
CVE-2025-58974	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.2.
CVE-2025-58968	1 Wordpress	1 Wordpress	2025-09-23	5 Medium
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a through 2.1.3.
CVE-2025-58965	2 Agency Dominion, Wordpress	2 Fusion Page Builder, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery allows Stored XSS. This issue affects Fusion Page Builder : Extension – Gallery: from n/a through 1.7.6.
CVE-2025-58962	1 Wordpress	1 Wordpress	2025-09-23	6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through 2.2.1.
CVE-2025-58960	2 Brijeshk89, Wordpress	2 Ip Based Login, Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.3.
CVE-2025-58957	1 Wordpress	1 Wordpress	2025-09-23	4.3 Medium
Missing Authorization vulnerability in Vikas Ratudi VPSUForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through 3.2.20.
CVE-2025-53455	3 Cashbill, Woocommerce, Wordpress	3 Cashbill Woocommerce, Woocommerce, Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce allows Stored XSS. This issue affects CashBill.pl – Płatności WooCommerce: from n/a through 3.2.1.
CVE-2025-53454	2 Rustaurius, Wordpress	2 Ultimate Wp Mail, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate WP Mail allows Stored XSS. This issue affects Ultimate WP Mail: from n/a through 1.3.8.
CVE-2025-53450	1 Wordpress	1 Wordpress	2025-09-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP allows PHP Local File Inclusion. This issue affects Easy Pricing Table WP: from n/a through 1.1.3.
CVE-2025-59592	3 Elementor, Fernando Acosta, Wordpress	3 Elementor, Make Column Clickable Elementor, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Acosta Make Column Clickable Elementor allows Stored XSS. This issue affects Make Column Clickable Elementor: from n/a through 1.6.0.
CVE-2025-59591	1 Wordpress	1 Wordpress	2025-09-23	4.3 Medium
Missing Authorization vulnerability in AdvancedCoding wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through 7.6.33.
CVE-2025-57915	2 Tochat Be, Wordpress	2 Tochat Be, Wordpress	2025-09-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE allows Cross Site Request Forgery. This issue affects TOCHAT.BE: from n/a through 1.3.4.
CVE-2025-58704	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows Stored XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.4.
CVE-2025-58683	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luke Mlsna Last Updated Shortcode allows Stored XSS. This issue affects Last Updated Shortcode: from n/a through 1.0.1.
CVE-2025-58673	1 Wordpress	1 Wordpress	2025-09-23	5.4 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability in Tareq Hasan WP User Frontend allows Code Injection. This issue affects WP User Frontend: from n/a through 4.1.11.
CVE-2025-58672	1 Wordpress	1 Wordpress	2025-09-23	5.4 Medium
Missing Authorization vulnerability in Tareq Hasan WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.1.11.
CVE-2025-58671	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in morganrichards Auction Feed allows Stored XSS. This issue affects Auction Feed: from n/a through 1.1.3.
CVE-2025-58670	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection allows Stored XSS. This issue affects WP Content Protection: from n/a through 1.3.

« first previous Page 62 of 348. next last »