Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 12066 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62957	3 Nikanwp, Woocommerce, Wordpress	3 Woocommerce Reporting, Woocommerce, Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.
CVE-2025-52773	1 Wordpress	1 Wordpress	2026-04-27	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection.This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.11.
CVE-2025-52758	2 Gesundheit-bewegt, Wordpress	2 Zippy, Wordpress	2026-04-27	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy zippy allows Using Malicious Files.This issue affects Zippy: from n/a through <= 1.7.0.
CVE-2025-52738	2 Mediawiki, Wordpress	2 Wikipedia Preview, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.
CVE-2025-52735	2 Wordpress, Xlplugins	2 Wordpress, Nextmove	2026-04-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.24.0.
CVE-2025-52734	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through <= 1.2.1.
CVE-2025-23993	1 Wordpress	1 Wordpress	2026-04-27	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through <= 1.1.3.
CVE-2025-62965	2 Admin Management Xtended Project, Wordpress	2 Admin Management Xtended, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1.
CVE-2025-62956	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through <= 2.0.1.
CVE-2025-62954	2 Revive, Wordpress	2 Revive Old Posts, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through <= 9.3.3.
CVE-2025-62952	2 Quantumcloud, Wordpress	2 Chatbot, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.7.3.
CVE-2025-62946	2 Everestthemes, Wordpress	2 Everest Backup, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8.
CVE-2025-62945	2 Eduard Pinuaga Linares, Wordpress	2 Did Prestashop Display, Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= 1.0.30.
CVE-2025-66136	2 Merkulove, Wordpress	2 Carter For Elementor, Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.
CVE-2025-62938	2 Reoon Technology, Wordpress	2 Reoon Email Verifier, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through <= 2.0.1.
CVE-2025-62935	3 Ilmosys, Woocommerce, Wordpress	3 Open Close Woocommerce Store, Woocommerce, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 5.0.0.
CVE-2025-62934	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through <= 1.4.
CVE-2025-62933	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.
CVE-2025-62932	1 Wordpress	1 Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by RioVizual: from n/a through <= 3.0.0.
CVE-2025-62931	1 Wordpress	1 Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.9.

« first previous Page 73 of 604. next last »