Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9591 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-13001	2 Kieranoshea, Wordpress	2 Donations, Wordpress	2026-01-30	4.1 Medium
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks
CVE-2025-13000	2 Jimbob1953, Wordpress	2 Db-access, Wordpress	2026-01-30	7.7 High
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks
CVE-2025-8889	2 Eliehanna, Wordpress	3 Compress And Upload Plugin, Compress And Upload Plugin, Wordpress	2026-01-30	3.8 Low
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
CVE-2026-22461	2 Webappick, Wordpress	2 Ctx Feed, Wordpress	2026-01-30	5.3 Medium
Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through <= 6.6.18.
CVE-2025-63045	2 Averta, Wordpress	2 Master Slider Pro, Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through <= 3.7.12.
CVE-2022-47425	2 Reputeinfosystems, Wordpress	2 Armember, Wordpress	2026-01-30	4.3 Medium
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10.
CVE-2025-68076	2 Select-themes, Wordpress	2 Stockholm Core, Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through <= 2.4.6.
CVE-2025-67983	2 Osama.esh, Wordpress	2 Wp Visitor Statistics (real Time Traffic), Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.3.
CVE-2025-67951	2 Wordpress, Wpzoom	2 Wordpress, Wpzoom Addons For Elementor	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through <= 1.2.10.
CVE-2025-66102	1 Wordpress	1 Wordpress	2026-01-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7.
CVE-2025-66091	2 Design, Wordpress	2 Stylish Cost Calculator, Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5.
CVE-2025-64383	1 Wordpress	1 Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3.
CVE-2025-64381	2 Wordpress, Wpdevelop	2 Wordpress, Booking Calendar	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7.
CVE-2025-64380	3 Booster, Pluggabl, Wordpress	3 Booster For Woocommerce, Booster For Woocommerce, Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.
CVE-2025-64365	1 Wordpress	1 Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS.This issue affects Ohio Extra: from n/a through <= 3.6.0.
CVE-2025-64291	2 Premmerce, Wordpress	2 User Roles, Wordpress	2026-01-30	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
CVE-2025-64275	1 Wordpress	1 Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through <= 2.1.17.
CVE-2025-63048	2 Cridio, Wordpress	2 Listingpro Lead Form, Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows DOM-Based XSS.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.
CVE-2025-63046	2 Cridio, Wordpress	2 Listingpro, Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-63044	3 Elementor, Wordpress, Xpro	3 Elementor, Wordpress, Xpro Elementor Addons	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.

Page 1 of 480. next last »